Malware Analysis Report

2024-11-30 14:34

Sample ID: 241121-kt7d8svncp
Target: https://github.com/Da2dalus/The-MALWARE-Repo
Tags: danabot banker botnet discovery persistence trojan
Score: 10/10

Table of Contents

- Analysis Overview
- MITRE ATT&CK
  - Enterprise Matrix V15
- Analysis: static1
  - Detonation Overview
  - Signatures
- Analysis: behavioral1
  - Detonation Overview
  - Command Line
  - Signatures
  - Processes
  - Network
  - Files

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file https://github.com/Da2dalus/The-MALWARE-Repo was found to be: Known bad.

Malicious Activity Summary

danabot banker botnet discovery persistence trojan

Danabot

Danabot family

Danabot x86 payload

Blocklisted process makes network request

Drops startup file

Loads dropped DLL

Executes dropped EXE

Adds Run key to start application

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Program crash

Browser Information Discovery

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-21 08:54

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-21 08:54
Reported: 2024-11-21 08:59
Platform: win10v2004-20241007-en
Max time kernel: 277s
Max time network: 279s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo

Signatures

Danabot

trojan banker danabot

Danabot family

danabot

Danabot x86 payload

botnet
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Drops startup file

Count = number of identical rows in the original report (26 rows in total).

Description | Indicator | Process | Target | Count
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe | C:\Users\Admin\AppData\Roaming\Axam.exe | N/A | 12
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe | C:\Users\Admin\AppData\Roaming\Axam.exe | N/A | 12
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe | N/A | 1
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe | N/A | 1

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A

Adds Run key to start application

persistence
Count = number of identical rows in the original report (14 rows in total).

Description | Indicator | Process | Target | Count
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe | N/A | 1
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe" | C:\Users\Admin\AppData\Roaming\Axam.exe | N/A | 12
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microzoft_Ofiz = "C:\\Windows\\KdzEregli.exe" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Amus.exe | N/A | 1

Drops file in Program Files directory

Count = number of identical rows in the original report (64 rows in total).

Description | Indicator | Process | Target | Count
File created | C:\Program Files (x86)\KMD\My Shared Folder\Axam.exe | C:\Users\Admin\AppData\Roaming\Axam.exe | N/A | 7
File created | C:\Program Files (x86)\Morpheus\My Shared Folder\Blaster.exe | C:\Users\Admin\AppData\Roaming\Axam.exe | N/A | 7
File created | C:\Program Files (x86)\Morpheus\My Shared Folder\Blaster.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe | N/A | 1
File created | C:\Program Files (x86)\Grokster\My Grokster\XXX_HOTSEX.exe | C:\Users\Admin\AppData\Roaming\Axam.exe | N/A | 8
File created | C:\Program Files (x86)\Grokster\My Grokster\XXX_HOTSEX.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe | N/A | 1
File created | C:\Program Files (x86)\limewire\Shared\Super Mario.exe | C:\Users\Admin\AppData\Roaming\Axam.exe | N/A | 7
File created | C:\Program Files (x86)\limewire\Shared\Super Mario.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe | N/A | 1
File created | C:\Program Files (x86)\Kazaa\My Shared Folder\Invisible_man.exe | C:\Users\Admin\AppData\Roaming\Axam.exe | N/A | 7
File created | C:\Program Files (x86)\Kazaa\My Shared Folder\Invisible_man.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe | N/A | 1
File created | C:\Program Files (x86)\Edonkey2000\Incoming\setup_flash.exe | C:\Users\Admin\AppData\Roaming\Axam.exe | N/A | 9
File created | C:\Program Files (x86)\KaZaA Lite\My Shared Folder\AjeedNASA.exe | C:\Users\Admin\AppData\Roaming\Axam.exe | N/A | 6
File created | C:\Program Files (x86)\KaZaA Lite\My Shared Folder\AjeedNASA.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe | N/A | 1
File created | C:\Program Files (x86)\BearShare\Shared\fxbgbear.exe | C:\Users\Admin\AppData\Roaming\Axam.exe | N/A | 8

Drops file in Windows directory

Every file below was both created and then opened for modification by the same process (20 rows in the original report, two per file).

Description | Indicator | Process | Target
File created; file opened for modification | C:\Windows\Ankara.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Amus.exe | N/A
File created; file opened for modification | C:\Windows\Anti_Virus.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Amus.exe | N/A
File created; file opened for modification | C:\Windows\KdzEregli.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Amus.exe | N/A
File created; file opened for modification | C:\Windows\Cekirge.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Amus.exe | N/A
File created; file opened for modification | C:\Windows\Meydanbasi.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Amus.exe | N/A
File created; file opened for modification | C:\Windows\Pire.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Amus.exe | N/A
File created; file opened for modification | C:\Windows\Adapazari.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Amus.exe | N/A
File created; file opened for modification | C:\Windows\Messenger.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Amus.exe | N/A
File created; file opened for modification | C:\Windows\My_Pictures.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Amus.exe | N/A
File created; file opened for modification | C:\Windows\Pide.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Amus.exe | N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Count = number of identical rows in the original report (18 rows in total).

Description | Indicator | Process | Target | Count
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A | 1
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A | 1
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Axam.exe | N/A | 12
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\DanaBot.exe | N/A | 1
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Anap.a.exe | N/A | 1
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe | N/A | 1
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Amus.exe | N/A | 1

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Modifies registry class

Count = number of identical rows in the original report (64 rows in total).

Description | Indicator | Process | Target | Count
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe | N/A | 1
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.exe | C:\Users\Admin\AppData\Roaming\Axam.exe | N/A | 10
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.exe\ = "Spitmaxa" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe | N/A | 1
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.exe\ = "Spitmaxa" | C:\Users\Admin\AppData\Roaming\Axam.exe | N/A | 10
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe | N/A | 1
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe | N/A | 1
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe | N/A | 1
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command | C:\Users\Admin\AppData\Roaming\Axam.exe | N/A | 10
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe \"%1\" %*" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe | N/A | 1
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe \"%1\" %*" | C:\Users\Admin\AppData\Roaming\Axam.exe | N/A | 8
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe | N/A | 1
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon | C:\Users\Admin\AppData\Roaming\Axam.exe | N/A | 11
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon\ = "%1" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe | N/A | 1
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon\ = "%1" | C:\Users\Admin\AppData\Roaming\Axam.exe | N/A | 6
Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 1

Suspicious behavior: EnumeratesProcesses

Count = number of identical rows in the original report (31 rows in total).

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 10
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A | 2
N/A | N/A | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe | N/A | 19
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1692 wrote to memory of 2128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 2128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 2116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 2116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 4664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff553246f8,0x7fff55324708,0x7fff55324718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,16189267098592236744,13928906103622443127,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,16189267098592236744,13928906103622443127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,16189267098592236744,13928906103622443127,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16189267098592236744,13928906103622443127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16189267098592236744,13928906103622443127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,16189267098592236744,13928906103622443127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,16189267098592236744,13928906103622443127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,16189267098592236744,13928906103622443127,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4800 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16189267098592236744,13928906103622443127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16189267098592236744,13928906103622443127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16189267098592236744,13928906103622443127,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16189267098592236744,13928906103622443127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16189267098592236744,13928906103622443127,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,16189267098592236744,13928906103622443127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\DanaBot.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\DanaBot.exe"

C:\Windows\SysWOW64\regsvr32.exe

C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\THE-MA~1\THE-MA~1\BANKIN~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\THE-MA~1\THE-MA~1\BANKIN~1\DanaBot.exe@1224

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1224 -ip 1224

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 460

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\THE-MA~1\THE-MA~1\BANKIN~1\DanaBot.dll,f0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,16189267098592236744,13928906103622443127,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6204 /prefetch:2

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Browser Hijackers\BabylonToolbar.txt

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Amus.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Amus.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x510 0x4cc

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Anap.a.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Anap.a.exe"

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe"

C:\Users\Admin\AppData\Roaming\Axam.exe

"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Brontok.exe"

C:\Users\Admin\AppData\Roaming\Axam.exe

"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Bugsoft.exe"

C:\Users\Admin\AppData\Roaming\Axam.exe

"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Lacon.exe"

C:\Users\Admin\AppData\Roaming\Axam.exe

"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\Blackkomet.exe"

C:\Users\Admin\AppData\Roaming\Axam.exe

"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\Remcos.exe"

C:\Users\Admin\AppData\Roaming\Axam.exe

"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe"

C:\Users\Admin\AppData\Roaming\Axam.exe

"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NetWire.exe"

C:\Users\Admin\AppData\Roaming\Axam.exe

"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\WarzoneRAT.exe"

C:\Users\Admin\AppData\Roaming\Axam.exe

"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\Alerta.exe"

C:\Users\Admin\AppData\Roaming\Axam.exe

"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\Ana.exe"

C:\Users\Admin\AppData\Roaming\Axam.exe

"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Hydra.exe"

C:\Users\Admin\AppData\Roaming\Axam.exe

"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Hydra.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.110.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.110.133:443 user-images.githubusercontent.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 154.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.112.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 22.112.82.140.in-addr.arpa udp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 codeload.github.com udp
GB 20.26.156.216:443 codeload.github.com tcp
US 8.8.8.8:53 216.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 210.179.15.23.in-addr.arpa udp
US 8.8.8.8:53 200.254.1.23.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
FR 51.178.195.151:443 N/A tcp
CA 51.222.39.81:443 N/A tcp
FR 51.77.7.204:443 N/A tcp
US 38.68.50.179:443 N/A tcp
US 149.255.35.125:443 N/A tcp
FR 51.77.7.204:443 N/A tcp
FR 51.77.7.204:443 N/A tcp
FR 51.77.7.204:443 N/A tcp
FR 51.77.7.204:443 N/A tcp
FR 51.77.7.204:443 N/A tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 37f660dd4b6ddf23bc37f5c823d1c33a
SHA1 1c35538aa307a3e09d15519df6ace99674ae428b
SHA256 4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8
SHA512 807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

\??\pipe\LOCAL\crashpad_1692_DGHFOWIPJWGOTHYS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d7cb450b1315c63b1d5d89d98ba22da5
SHA1 694005cd9e1a4c54e0b83d0598a8a0c089df1556
SHA256 38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031
SHA512 df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 13fa65aa57bae63ddd4722f53c73e401
SHA1 eb452d24b8791133f7384bc3e7986eb246570a0f
SHA256 d988b4737a1afe1b4ff50229fa2db258a56ce14a22060072aaf28fb03f9af7a1
SHA512 8f5041653a2d3413d756a8c0a240bd243337aa2e60a0296bb98db17f4cf33548c1adbc7052a183881a03f68effe2481381cc24893b8ea9ad2a02ad8d8ca7d80e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6e7bcb276bdd59fefa899dda72b2254a
SHA1 f3b5eed26ccbe215c828218e93e0806a107a2d98
SHA256 1c4fd7871619ff138175a152c42631355925bbf714e9dd51a0ae9f315045fafe
SHA512 5d152b8e0c81b5ac09ed51cc47849ec49a5cd1ed3d69c3c2d75f1bd578d56c7f05faea7067d8ce2fc0e214f16e9b243e520df87a74c1f73f00c918334dd92a48

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ae1a84a2fe2dc794e8954fc9eeba79af
SHA1 a3c83d6318148c149f38209af567fea2635e1500
SHA256 647e9246ba8ab5bd0d7d649563f3646868713b2ccb9856099afc244cc9fbb58b
SHA512 b945720b312d6c0c58585edc38ccaee0706d27e074556d41661b7f9dcb31d4a16d39a765f2273d86ac224527b61c7fad3696fe875666311eb4101d76f4bca717

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3e6c62c7af266183a4ccfd16266487f1
SHA1 eb3e5604b47e246d1da72b031fc900d1804d06ed
SHA256 7fa48e73b1191b9dfd1961cd04655846558adb123ebfc0257455975392e5ce32
SHA512 9749df82ca288d17d117eee5a3791a82b968c75c0fff799fc7f94380e0308cda29229f82191d7c3335a83073ca4e87478dfd00e09779eec57910f54a127cb832

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a6d346f58cbec0a6e4015327b25f1537
SHA1 750056e65a8b1c20b1a6051f5adcdf35821a6ac1
SHA256 1a715b1b5b62ef83ca8c62a18eddb3b5b6b738be2c654ab7a38cf22fdc8bea56
SHA512 74e563217a28cd6427739731f51ba2e35ee060c8ae6959d458d06a0416e17ffc6a49f8d0bbcb8d17cef144a45c36eb9f3b92305389ab0cfc5043f530d9f28d89

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 10a9cfc613bdb2f9907f50b73458435e
SHA1 0925ab9398ecc8297199e4af2b509b4e5ea1f2c5
SHA256 3b7c7e973988b675a125b994c71d4699937d39c4a8d516969842a0c7a027900a
SHA512 3f286b93896c7dad4637f64672b1995132fe5d4a962bfaf7930267163db7ac45b27d780b431e3bd8cc9e262f829d0fe02f946827fe7b2cc65541edea2950c8cd

C:\Users\Admin\DOWNLO~1\THE-MA~1\THE-MA~1\BANKIN~1\DanaBot.dll

MD5 7e76f7a5c55a5bc5f5e2d7a9e886782b
SHA1 fc500153dba682e53776bef53123086f00c0e041
SHA256 abd75572f897cdda88cec22922d15b509ee8c840fa5894b0aecbef6de23908a3
SHA512 0318e0040f4dbf954f27fb10a69bce2248e785a31d855615a1eaf303a772ad51d47906a113605d7bfd3c2b2265bf83c61538f78b071f85ee3c4948f5cde3fb24

memory/1224-273-0x0000000000400000-0x0000000000AAD000-memory.dmp

memory/2308-274-0x0000000000400000-0x000000000066B000-memory.dmp

memory/2308-280-0x0000000000400000-0x000000000066B000-memory.dmp

memory/1872-291-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Windows\Messenger.exe

MD5 47abd68080eee0ea1b95ae31968a3069
SHA1 ffbdf4b2224b92bd78779a7c5ac366ccb007c14d
SHA256 b5fc4fd50e4ba69f0c8c8e5c402813c107c605cab659960ac31b3c8356c4e0ec
SHA512 c9dfabffe582b29e810db8866f8997af1bd3339fa30e79575377bde970fcad3e3b6e9036b3a88d0c5f4fa3545eea8904d9faabf00142d5775ea5508adcd4dc0a

memory/4848-321-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Users\Admin\AppData\Roaming\Axam.exe

MD5 0fbf8022619ba56c545b20d172bf3b87
SHA1 752e5ce51f0cf9192b8fa1d28a7663b46e3577ff
SHA256 4ae7d63ec497143c2acde1ba79f1d9eed80086a420b6f0a07b1e2917da0a6c74
SHA512 e8d44147609d04a1a158066d89b739c00b507c8ff208dac72fdc2a42702d336c057ae4b77c305f4ccdfe089665913098d84a3160a834aaebe41f95f4b4bfddeb

C:\Autoexec.bat

MD5 3565a089a0f8b2b5afb04ec4379b44dc
SHA1 4075ac633db35b158e4142860a2fd4f331780f9c
SHA256 941689078f2ed21767fd0aa5ad330df33b8a0ac96acccb2020f307558d6087cb
SHA512 112538d7d1af9c02536db20acfc6cea3225341d0f1468ad49ab980a65c74c9111fbf2514776e4e40bd2fbb13d1703dc47cc647b780dc503be99f6fa712c925a5

memory/4848-339-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2732-342-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Autoexec.bat

MD5 3c134fc18e7bdaf02d63571d193799ad
SHA1 7e6f22569d16202195410f29e6c74d093f1fa930
SHA256 087f1acb6ed4d7563daaf6f0e1110dc7b3d5b4d6130ba19389cdf3eb90e9d347
SHA512 5b02fda689e01d570fced10841daea8f543467b9a0ea138149c486c6d9fd56a0684901af16cbf2b3ad7f1d0b6cf6b08bc36288afcec4d5552b5863ef854570d6

memory/180-350-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Autoexec.bat

MD5 9ec5dcbc21f0309fc9c7c545063986b5
SHA1 eaea4f607aeefc9f6081d4b122ebaec421e7029b
SHA256 273c2c218dd1d27bca1ad23115deb50ee860332b724f7a1b1aa906e055d0d38d
SHA512 e2044e50dd09b7df76b76ae96f1fbfea85a73e5055891df4b464b8cf981f5ef623fa660f6b5c3beda289d4166cb39a38e3153a1ed6e4e74fda7ea0914a3ea935

memory/2360-363-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Autoexec.bat

MD5 c73f3203dbe2960f84a494e1662db2c9
SHA1 27835a0be12637153e54411bea70546c1de82770
SHA256 60683424722818828849fcd2e3893265de28c94d660d64b8cb1d1f31a20026c2
SHA512 4cbb057b8d9760f0e16bfc110405f2f239c52b0559a59759e310266fc6bf96e84fd5798a30bcbea56e748890ce335825845e0df1c269ca03501cf7f32e0cb1cc

C:\Autoexec.bat

MD5 73e598672cece33b0c27f3a2f8d3501d
SHA1 cb1955298a70cd5cc2f55fe127a56dfc6fbbccfc
SHA256 0250e34f90f6e94dde2cab734f5ac2cb9c6aa9fe1b91d7e9e651f20645296363
SHA512 4094ba8f8b335133b836702d58c6660d2edc74d869f5bbcc1bc5a4a30f4f60e79ed4937464f0ec2f10daa4b1d866ade04c179b14450d0cb3f73ccf4b2c00fcb6

C:\Autoexec.bat

MD5 3b1cc48b2addf796ebde1c6d0c020bea
SHA1 53b249bef441ad8dff4f5a90ef149ab10803cfdf
SHA256 d8c19dae05edffa4dd0957dcfa45eac44273842b1364c5a999a0a21c1108ccf8
SHA512 525cac7d2070540abdfa8b6ea43631610f9c7440346f319b90c1826d73d7d125d165a2718a04f82eac1b47202afa1b6c6f2576af0fa76b03f9058bd21fa90f77

memory/8-389-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Autoexec.bat

MD5 64fd1f107fe39a118a1e0df6a2231c21
SHA1 1757c6e25e245eebd74994acefc148a55ca85675
SHA256 a671cbd881a552e34f8c7594f6dbfd1442d5a702ed914fead3cd0fcc5f37d51e
SHA512 450e1a6ef677bd192fac285af9aa2e71267d1a8ba138fd3a5a1da9f3267540fa951a1e9c4e2b3bf724f326d5c20eb51113005660c7865158ad0669089c16b53f

memory/3392-397-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1872-400-0x0000000000400000-0x000000000040E000-memory.dmp

C:\Autoexec.bat

MD5 d1a3d2a396b79cd871f99665b134a49a
SHA1 2ab15e630b751e94d72362f2b55f60c4d7f35f40
SHA256 7ba07c3784813a0f9cc1ff90f54c5517e288bde40d5ccbe8b098af4975c16ee6
SHA512 d88ddaa9e3e9213e7f9bc19da72011e51c66199b10557e79e2edc5e50f0879a51216817a9dbede8807c8ec8b8b9457482f49ad00576c0c214e0bac2d034b79c7

memory/2448-409-0x0000000000400000-0x000000000040C000-memory.dmp

memory/2324-412-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1012-417-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Autoexec.bat

MD5 865a45b31cb7baefb3b71ae51eb67308
SHA1 42094765f9627e713f573b2e6a203183068a6159
SHA256 99f2f70a9e34a9c63f6107b8308e41b83139f62b72a2f2ffd2394b0063ec79e2
SHA512 70ba8d348e1954b90a078ff47b9d63ca7663b9ae7c0c8e32f50b53acfd928465f91cb36760a1560d80d33ca07e7e815e18905b0b104ae52de80e5a58fdc73d1f

C:\Autoexec.bat

MD5 f66b8249919fa2b7bb00beddfffa2f9a
SHA1 321e81d7eead2350c57600ebc6ff0a9b4a4e06b2
SHA256 8ebb03500bb9833bda093b9d8ababd2bb633a0b97913765e05191ea51ac4adcc
SHA512 1034bb1e17c26c928a9b2cbb5f7615754af844883980922adf7f81e10821e6851780d49ee4edc8de955cc3d50e84f4ad7b57b90c96d9ca7f4f63acabd9449d9f

memory/4836-436-0x0000000000400000-0x000000000040C000-memory.dmp

memory/1344-444-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Autoexec.bat

MD5 b7922b0709a026f2188f725dae20b6e8
SHA1 4b91513018aa95f062f4ed4b5b9f88032b7ccbe2
SHA256 0e81b90f3c97c85cdd3b4734667ecd140045cd795e89b6b3fb28bdbc1d0fc015
SHA512 02f6afa56f7ec2fb4664d0e9522a5a5d0a1912e4f830d8b4bc9c186322d0fc21cfa0f2e65567057ba8da1cf1dbd44e886b9b393a0fe47a7b60665d36b6790fe1

memory/4520-457-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Autoexec.bat

MD5 f97e2548b10247a8f61605db9a7f5946
SHA1 6ef69ffb824a6842f6bedb2f800cf3e31ca0135a
SHA256 3cd268a890a1e10796a4d9c43e7d678baf8ff25b614c8cf45f23f18c0bd3fbff
SHA512 e4a68819058b08e55000462a177f137575ebb741c021ce8ae471335bbc0678e095e6fb4e499ba7e3ec18deead014d83b2fea7c2f378ec67888aaf0ebef0734b0

memory/892-469-0x0000000000400000-0x000000000040C000-memory.dmp

memory/4520-478-0x0000000000400000-0x000000000040C000-memory.dmp