Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/D...

windows11-21h2-x64

10

Resubmissions

03/01/2025, 03:54

250103-egqytsyldz 10

03/01/2025, 03:52

250103-ee5dfaylaw 10

Analysis

  • max time kernel
    185s
  • max time network
    194s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    03/01/2025, 03:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/Da2dalus/The-MALWARE-Repo

Score
10/10
wipelockdiscoveryevasioninfostealerransomwaretrojan

Malware Config

Signatures

  • Wipelock

    Wipelock is an Android trojan with multiple capabilities, such as wiping data, reading and sending SMS messages without the victim's knowledge.

    trojaninfostealerwipelock
  • Wipelock Android payload 1 IoCs
  • Wipelock family
    wipelock
  • Disables Task Manager via registry modification
    evasion
  • Declares broadcast receivers with permission to handle system events 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Requests dangerous framework permissions 9 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Kills process with taskkill 2 IoCs
    evasion
  • Modifies registry class 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3856
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc3db23cb8,0x7ffc3db23cc8,0x7ffc3db23cd8
      2⤵
        PID:4748
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,17311190680340476950,13907939598152811799,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
        2⤵
          PID:764
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,17311190680340476950,13907939598152811799,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:448
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,17311190680340476950,13907939598152811799,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
          2⤵
            PID:3672
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17311190680340476950,13907939598152811799,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
            2⤵
              PID:3244
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17311190680340476950,13907939598152811799,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
              2⤵
                PID:3436
              • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,17311190680340476950,13907939598152811799,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:2308
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,17311190680340476950,13907939598152811799,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:4696
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17311190680340476950,13907939598152811799,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
                2⤵
                  PID:4720
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17311190680340476950,13907939598152811799,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
                  2⤵
                    PID:2432
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17311190680340476950,13907939598152811799,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
                    2⤵
                      PID:4780
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17311190680340476950,13907939598152811799,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
                      2⤵
                        PID:4692
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17311190680340476950,13907939598152811799,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
                        2⤵
                          PID:1296
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,17311190680340476950,13907939598152811799,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 /prefetch:8
                          2⤵
                            PID:4388
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,17311190680340476950,13907939598152811799,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4752 /prefetch:2
                            2⤵
                              PID:4816
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:2256
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:1968
                              • C:\Windows\System32\rundll32.exe
                                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                1⤵
                                  PID:4572
                                • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\000.exe
                                  "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\000.exe"
                                  1⤵
                                  • Enumerates connected drives
                                  • Sets desktop wallpaper using registry
                                  • System Location Discovery: System Language Discovery
                                  • Modifies registry class
                                  • Suspicious use of AdjustPrivilegeToken
                                  • Suspicious use of SetWindowsHookEx
                                  PID:4828
                                  • C:\Windows\SysWOW64\cmd.exe
                                    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""
                                    2⤵
                                    • System Location Discovery: System Language Discovery
                                    PID:2600
                                    • C:\Windows\SysWOW64\taskkill.exe
                                      taskkill /f /im explorer.exe
                                      3⤵
                                      • System Location Discovery: System Language Discovery
                                      • Kills process with taskkill
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:2120
                                    • C:\Windows\SysWOW64\taskkill.exe
                                      taskkill /f /im taskmgr.exe
                                      3⤵
                                      • System Location Discovery: System Language Discovery
                                      • Kills process with taskkill
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:904
                                    • C:\Windows\SysWOW64\Wbem\WMIC.exe
                                      wmic useraccount where name='Admin' set FullName='UR NEXT'
                                      3⤵
                                      • System Location Discovery: System Language Discovery
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:2188
                                    • C:\Windows\SysWOW64\Wbem\WMIC.exe
                                      wmic useraccount where name='Admin' rename 'UR NEXT'
                                      3⤵
                                      • System Location Discovery: System Language Discovery
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:4480
                                    • C:\Windows\SysWOW64\shutdown.exe
                                      shutdown /f /r /t 0
                                      3⤵
                                        PID:4184
                                  • C:\Windows\system32\LogonUI.exe
                                    "LogonUI.exe" /flags:0x4 /state0:0xa3a1e855 /state1:0x41c64e6d
                                    1⤵
                                      PID:4712

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      d7145ec3fa29a4f2df900d1418974538

                                      SHA1

                                      1368d579635ba1a53d7af0ed89bf0b001f149f9d

                                      SHA256

                                      efc56eb46cf3352bf706c0309d5d740bca6ac06142f9bdc5e8344b81d4d83d59

                                      SHA512

                                      5bb663ede88f8b7c96b09c1214aac68eda99bc09525ac383baa96914ff7d553ea1aed09e3c9d16893d791c81ddb164c682dfbb4759ac0bc751221f3e36558a91

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      d91478312beae099b8ed57e547611ba2

                                      SHA1

                                      4b927559aedbde267a6193e3e480fb18e75c43d7

                                      SHA256

                                      df43cd7779d9fc91fd0416155d6771bc81565e98be38689cb17caece256bf043

                                      SHA512

                                      4086c4ebe410a37d0124fc8bd00c58775e70ab2b7b5a39b4e49b332ce5b4866c6775707436395467aff9596507c96fb4896f3bf0249c5b9c99a927f31dcc1a96

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      1KB

                                      MD5

                                      c837e1742a31be214d11603d8558e5f2

                                      SHA1

                                      84eb1768aed06b218b95a22698868f73c4548958

                                      SHA256

                                      78ec6402674051cd9f8b883b0833616aa49cd47bf65f30b2de18eaf608409dd3

                                      SHA512

                                      3cf93eac1e67f004b43f5c82b5a6bca8e301e06b5e630e872090feb5e6cbfb569a59dfbd33d53dd619243b905852c948b67747b9f86f0ce6d9b4c04a3ce80311

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      573B

                                      MD5

                                      a6d346f58cbec0a6e4015327b25f1537

                                      SHA1

                                      750056e65a8b1c20b1a6051f5adcdf35821a6ac1

                                      SHA256

                                      1a715b1b5b62ef83ca8c62a18eddb3b5b6b738be2c654ab7a38cf22fdc8bea56

                                      SHA512

                                      74e563217a28cd6427739731f51ba2e35ee060c8ae6959d458d06a0416e17ffc6a49f8d0bbcb8d17cef144a45c36eb9f3b92305389ab0cfc5043f530d9f28d89

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      96b5bf3e76c572f6a051e04b0c574633

                                      SHA1

                                      91cc20194ddc8c97b23dcd55ee313f1a6844dc22

                                      SHA256

                                      88a063ad4878dbb0c9312d37c5d9668d612e722e00f4988c0c6f435c274fc3ee

                                      SHA512

                                      4acc5b16acba7f7d3fef9767ec5e82d911c4a6e54979a2690536a91db58282e30d4f1d30850d10c4a39d46c0652ecf1a4f4fe3d94af770803bfa85331fc52690

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      951f711ac8abadaeed5b0ab96269ffe5

                                      SHA1

                                      30bc066a9bbe702cb4a0da2aece61534cd8303f1

                                      SHA256

                                      3248f406308f333253830e6b8cec9bf284cc836214d2924ec86fbd4594d946e4

                                      SHA512

                                      d4e47079d18bcd7db8f8dd107ca2f0989fd0982f581fe368e11dd5997edfcdddbc3515f1d4194b3995d5b6d19b3db5009dc0a45b7e525730078cc23f419f8047

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      46295cac801e5d4857d09837238a6394

                                      SHA1

                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                      SHA256

                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                      SHA512

                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      206702161f94c5cd39fadd03f4014d98

                                      SHA1

                                      bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                      SHA256

                                      1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                      SHA512

                                      0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      10KB

                                      MD5

                                      76b8570e75dd14113ad6a832c9bcdc7d

                                      SHA1

                                      874bf77526b4b639ece4a6d5acefae609d37cfdc

                                      SHA256

                                      f7eb8fcec06bba176c9233e5ce08f5e0b795107913d2730081fbb34cddd77506

                                      SHA512

                                      b6e4a25edda650fd650c1163cc4cf47bd96e2278b6760876f91d84acec5f65eb9f48f2b8a48741bf338be3e3db7208b15b2f6e8ca5d0155409d1045ef3b6e4dc

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      11KB

                                      MD5

                                      0435cf3e3195cebc9b55880576d5f091

                                      SHA1

                                      6ae8e463cd14103483cbe7227c0ac08fc87a4eaf

                                      SHA256

                                      c9bc1d645bc84f64277a3e8c8d26cab51fcebe6c782fe4854de3a9bf32dddab3

                                      SHA512

                                      cb13875de8eaaa547328d3e104785eee0da5fc226993aa75ebf09238d2468407fc855ebe0c29a9351cff09b09f9ce9e7c787127a5a5dd310510101c7dfa1c121

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
                                      Filesize

                                      768KB

                                      MD5

                                      40369ea1e08618a0de049168616a97dd

                                      SHA1

                                      37f48475047486c35fb0840fd75b6b37a091d9d7

                                      SHA256

                                      af0b228c472f498f6646f39feae6cb69cd757f9a4fa46fd5f9fd61df0f680cf7

                                      SHA512

                                      9e8129f88a9dfdd219d9811d24289f6e874708174b93554697e017d6f331832d68b96ecbc93e0aa2cc67af203e82dcd1557442f79b82c8f48a6ac2072d85af33

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.2\WMSDKNS.XML.bak
                                      Filesize

                                      9KB

                                      MD5

                                      7050d5ae8acfbe560fa11073fef8185d

                                      SHA1

                                      5bc38e77ff06785fe0aec5a345c4ccd15752560e

                                      SHA256

                                      cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

                                      SHA512

                                      a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Temp\one.rtf
                                      Filesize

                                      403B

                                      MD5

                                      6fbd6ce25307749d6e0a66ebbc0264e7

                                      SHA1

                                      faee71e2eac4c03b96aabecde91336a6510fff60

                                      SHA256

                                      e152b106733d9263d3cf175f0b6197880d70acb753f8bde8035a3e4865b31690

                                      SHA512

                                      35a0d6d91178ec10619cf4d2fd44d3e57aa0266e1779e15b1eef6e9c359c77c384e0ffe4edb2cde980a6847e53f47733e6eacb72d46762066b3541dee3d29064

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Temp\rniw.exe
                                      Filesize

                                      76KB

                                      MD5

                                      9232120b6ff11d48a90069b25aa30abc

                                      SHA1

                                      97bb45f4076083fca037eee15d001fd284e53e47

                                      SHA256

                                      70faa0e1498461731f873d3594f20cbf2beaa6f123a06b66f9df59a9cdf862be

                                      SHA512

                                      b06688a9fc0b853d2895f11e812c48d5871f2793183fda5e9638ded22fc5dc1e813f174baedc980a1f0b6a7b0a65cd61f29bb16acc6dd45da62988eb012d6877

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Temp\windl.bat
                                      Filesize

                                      771B

                                      MD5

                                      a9401e260d9856d1134692759d636e92

                                      SHA1

                                      4141d3c60173741e14f36dfe41588bb2716d2867

                                      SHA256

                                      b551fba71dfd526d4916ae277d8686d83fff36d22fcf6f18457924a070b30ef7

                                      SHA512

                                      5cbe38cdab0283b87d9a9875f7ba6fa4e8a7673d933ca05deddddbcf6cf793bd1bf34ac0add798b4ed59ab483e49f433ce4012f571a658bc0add28dd987a57b6

                                      Download Submit

                                    • C:\Users\Admin\Desktop\UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR N1XT.txt
                                      Filesize

                                      396B

                                      MD5

                                      9037ebf0a18a1c17537832bc73739109

                                      SHA1

                                      1d951dedfa4c172a1aa1aae096cfb576c1fb1d60

                                      SHA256

                                      38c889b5d7bdcb79bbcb55554c520a9ce74b5bfc29c19d1e4cb1419176c99f48

                                      SHA512

                                      4fb5c06089524c6dcd48b6d165cedb488e9efe2d27613289ef8834dbb6c010632d2bd5e3ac75f83b1d8024477ebdf05b9e0809602bbe1780528947c36e4de32f

                                      Download Submit

                                    • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\WindowsXPHorrorEdition.txt
                                      Filesize

                                      123B

                                      MD5

                                      49f5ddbf0748e69f30a2909276418311

                                      SHA1

                                      c3205cccffe909f2a60560d6179cc096d4907386

                                      SHA256

                                      1e9637fc91b1fe4a13401c4bbb1919f0fc951c55b8d120df51854df02f8fcd6d

                                      SHA512

                                      dc741df9988212c362315d82a686dc0b4085890cdccce98bda8ec617a671b737f954b4530a424816cf5fb3affe3355022b1b1acae16fbd7dea33adac7cec80c8

                                      Download Submit

                                    • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\elite.apk
                                      Filesize

                                      533KB

                                      MD5

                                      9f01767647e2e72f446d374bbcb20c53

                                      SHA1

                                      f6b1adcd7723b525418a05bcede5c671366d7ab3

                                      SHA256

                                      fcee982b3d0e1601b40078d98df03503668aec7542721f921ae8248bc3cec3a1

                                      SHA512

                                      4b9dc2dc08f015ed96a3ce30978994314d3edca84348eb62e7cb65d4d5477f179c44c80cc0a67863bc119555d0217f57681d047ce98ec405bd5eeaf2da8280ed

                                      Download Submit

                                    • C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\vi4a.apk
                                      Filesize

                                      37KB

                                      MD5

                                      5f616a8fb9ce44ed75834487405be446

                                      SHA1

                                      8ae9c48e6a8a21b4c8068e0b8855240978637fdf

                                      SHA256

                                      b0ff5690c31f160808a869a14fa55f9e38c82de81cf98b895badc88c997ee45c

                                      SHA512

                                      0ad658d53c455f7e68c3a4722f475bba65c22f17fd2c330a1ed34bff384462ceae9096c2d2e9cb4ad35168c551d579ca6b7335728432e94661dc8f65cdd14c58

                                      Download Submit

                                    • memory/4828-314-0x000000000C300000-0x000000000C310000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/4828-316-0x000000000C300000-0x000000000C310000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/4828-315-0x000000000C300000-0x000000000C310000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/4828-291-0x00000000061E0000-0x0000000006786000-memory.dmp

                                      Filesize

                                      5.6MB

                                      Download

                                    • memory/4828-320-0x000000000C300000-0x000000000C310000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/4828-319-0x000000000C300000-0x000000000C310000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/4828-321-0x000000000CBB0000-0x000000000CBC0000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/4828-318-0x000000000CBB0000-0x000000000CBC0000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/4828-317-0x000000000CBB0000-0x000000000CBC0000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/4828-313-0x000000000C300000-0x000000000C310000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/4828-310-0x000000000BF50000-0x000000000BF5E000-memory.dmp

                                      Filesize

                                      56KB

                                      Download

                                    • memory/4828-309-0x000000000BF90000-0x000000000BFC8000-memory.dmp

                                      Filesize

                                      224KB

                                      Download

                                    • memory/4828-290-0x0000000000B10000-0x00000000011BE000-memory.dmp

                                      Filesize

                                      6.7MB

                                      Download