Malware analysis /Zusyaku/Malware-Collection-Part-2/blob/main/Ransomware/BadRabbit.exe Malicious activity

Add for printing

download:	/Zusyaku/Malware-Collection-Part-2/blob/main/Ransomware/BadRabbit.exe
Full analysis:	https://app.any.run/tasks/4bd78a90-2fc1-4ead-9a5d-8d2b4704ef75
Verdict:	Malicious activity
Analysis date:	December 25, 2023, 08:50:40
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME:	application/json
File info:	JSON data
MD5:	B8D35FCFAA6F27805C22B7BC443D09E4
SHA1:	7DCFDCCDB0F5A4B89AAC85485670962EF6C27CAE
SHA256:	BFDC338F9F4F7F90D00612E02A0EDEC759F89D14999D4A71E403B74D89168685
SSDEEP:	1536:Otz9DZxjDFBd9R9fBpNPAKptDx1r5VBtbfNbFfhNNl9FlddTNx99pB9NVV5Vlxvx:dF30

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.110 (8.110)
Skype version 8.110 (8.110)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
No suspicious indicators.
INFO
- Drops the executable file immediately after the start
  - chrome.exe (PID: 332)
- Manual execution by a user
  - chrome.exe (PID: 2076)
- Application launched itself
  - chrome.exe (PID: 2076)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

EXIF

JSON

PayloadAllShortcutsEnabled:	-
PayloadBlobCsv:	null
PayloadBlobCsvError:	null
PayloadBlobDependabotInfoConfigFilePath:	null
PayloadBlobDependabotInfoConfigurationNoticeDismissed:	null
PayloadBlobDependabotInfoCurrentUserCanAdminRepo:	-
PayloadBlobDependabotInfoDismissConfigurationNoticePath:	/settings/dismiss-notice/dependabot_configuration_notice
PayloadBlobDependabotInfoNetworkDependabotPath:	/Zusyaku/Malware-Collection-Part-2/network/updates
PayloadBlobDependabotInfoRepoAlertsPath:	/Zusyaku/Malware-Collection-Part-2/security/dependabot
PayloadBlobDependabotInfoRepoOwnerIsOrg:	-
PayloadBlobDependabotInfoRepoSecurityAndAnalysisPath:	/Zusyaku/Malware-Collection-Part-2/settings/security_analysis
PayloadBlobDependabotInfoShowConfigurationBanner:	-
PayloadBlobDiscussionTemplate:	null
PayloadBlobDisplayName:	BadRabbit.exe
PayloadBlobDisplayUrl:	https://github.com/Zusyaku/Malware-Collection-Part-2/blob/main/Ransomware/BadRabbit.exe?raw=true
PayloadBlobHeaderInfoBlobSize:	432 KB
PayloadBlobHeaderInfoDeleteInfoDeleteTooltip:	You must be signed in to make or propose changes
PayloadBlobHeaderInfoEditInfoEditTooltip:	You must be signed in to make or propose changes
PayloadBlobHeaderInfoGhDesktopPath:	https://desktop.github.com
PayloadBlobHeaderInfoGitLfsPath:	null
PayloadBlobHeaderInfoIsCSV:	-
PayloadBlobHeaderInfoIsRichtext:	-
PayloadBlobHeaderInfoLineInfoTruncatedLoc:	null
PayloadBlobHeaderInfoLineInfoTruncatedSloc:	null
PayloadBlobHeaderInfoMode:	file
PayloadBlobHeaderInfoOnBranch:
PayloadBlobHeaderInfoShortPath:	99b9e66
PayloadBlobHeaderInfoSiteNavLoginPath:	/login?return_to=https%3A%2F%2Fgithub.com%2FZusyaku%2FMalware-Collection-Part-2%2Fblob%2Fmain%2FRansomware%2FBadRabbit.exe
PayloadBlobHeaderInfoToc:	null
PayloadBlobImage:	-
PayloadBlobIsCodeownersFile:	null
PayloadBlobIsPlain:	-
PayloadBlobIsValidLegacyIssueTemplate:	-
PayloadBlobIssueTemplate:	null
PayloadBlobIssueTemplateHelpUrl:	https://docs.github.com/articles/about-issue-and-pull-request-templates
PayloadBlobLanguage:	null
PayloadBlobLanguageID:	null
PayloadBlobLarge:	-
PayloadBlobLoggedIn:	-
PayloadBlobNewDiscussionPath:	/Zusyaku/Malware-Collection-Part-2/discussions/new
PayloadBlobNewIssuePath:	/Zusyaku/Malware-Collection-Part-2/issues/new
PayloadBlobPlanSupportInfoRepoIsFork:	null
PayloadBlobPlanSupportInfoRepoOwnedByCurrentUser:	null
PayloadBlobPlanSupportInfoRequestFullPath:	/Zusyaku/Malware-Collection-Part-2/blob/main/Ransomware/BadRabbit.exe
PayloadBlobPlanSupportInfoShowFreeOrgGatedFeatureMessage:	null
PayloadBlobPlanSupportInfoShowPlanSupportBanner:	null
PayloadBlobPlanSupportInfoUpgradeDataAttributes:	null
PayloadBlobPlanSupportInfoUpgradePath:	null
PayloadBlobPublishBannersInfoDismissActionNoticePath:	/settings/dismiss-notice/publish_action_from_dockerfile
PayloadBlobPublishBannersInfoDismissStackNoticePath:	/settings/dismiss-notice/publish_stack_from_file
PayloadBlobPublishBannersInfoReleasePath:	/Zusyaku/Malware-Collection-Part-2/releases/new?marketplace=true
PayloadBlobPublishBannersInfoShowPublishActionBanner:	-
PayloadBlobPublishBannersInfoShowPublishStackBanner:	-
PayloadBlobRawBlobUrl:	https://github.com/Zusyaku/Malware-Collection-Part-2/raw/main/Ransomware/BadRabbit.exe
PayloadBlobRawLines:	null
PayloadBlobRenderImageOrRaw:
PayloadBlobRenderedFileInfo:	null
PayloadBlobRichText:	null
PayloadBlobShortPath:	null
PayloadBlobStylingDirectives:	null
PayloadBlobSymbols:	null
PayloadBlobTabSize:	8
PayloadBlobTopBannersInfoActionsOnboardingTip:	null
PayloadBlobTopBannersInfoCitationHelpUrl:	https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/creating-a-repository-on-github/about-citation-files
PayloadBlobTopBannersInfoGlobalPreferredFundingPath:	null
PayloadBlobTopBannersInfoOverridingGlobalFundingFile:	-
PayloadBlobTopBannersInfoRepoName:	Malware-Collection-Part-2
PayloadBlobTopBannersInfoRepoOwner:	Zusyaku
PayloadBlobTopBannersInfoShowDependabotConfigurationBanner:	-
PayloadBlobTopBannersInfoShowInvalidCitationWarning:	-
PayloadBlobTruncated:	-
PayloadBlobViewable:	-
PayloadBlobWorkflowRedirectUrl:	null
PayloadCopilotAccessAllowed:	-
PayloadCopilotInfo:	null
PayloadCsrf_tokensZusyakuMalware-Collection-Part-2branchesPost:	gVbkHnha7fDjYhy271LhdP9WTWcZTtnOVB2BRbqPzI21R3KGilVAZCuNVyxs-n1EDRNn0St573cKdkwJGEQWiQ
PayloadCsrf_tokensrepospreferencesPost:	ajjW98dJH96d_tZb5dDucRJ2r11n50raQvAzguIZvmaeE4ak56jvCIOvDMl93ZC9C1ZFZIissq31doeM_PztPg
PayloadCurrentUser:	null
PayloadFileTreeItemsContentType:	directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory directory file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file file
PayloadFileTreeItemsName:	000 virus 666 ADs_TFA1206 Banking-Malware Batchs Botnets Browser Hijackers CIH (Win32) Chimichi Clay Coffin32 CoreR Trojan DittoDestructive Email-Worm.Win32.Magistr Email-Worm.Win32.Maldal Email-Worm.Win32.MeltingScreen Email-Worm EternalBlue EvilQuest Exploits Fake GoldenEye Fake PetrWrap HURR-DURR Hachi Hello Holzer Holzery HtkLkr Hungadian Hyptonize Interim Itachi14 ItachiNoSleep JanusPetya Ransomware Joke Programs Joke.Win32.Badgame Joke.Win32.FakePetya Joke LAndy@Clean LivingDeath LoselconIw Lumitium MEMZ 4.0 Clean Mist (Win32) Monster Ransomware (second new version) Monster Ransomware MrsMajor Net-Worm.Win32.Opaserv Net-Worm NotMyFault Notepad Spam OIETIF OneHalf OneLastSong-main PCToaster PUP Petya PetyaMFTDestroyer Pony Quarknova RAT Ransomware SOCIAL CREDIT TEST (virus) Satana SnakeRansom Spyware Stealer Trojan.ROTANOTEDKSID Trojan.Ransom.GoldenEye Trojan.Ransom.NotPetya Trojan.Ransom.PetrWrap Trojan.VBS.Bolbi Trojan.Win32.Alerta Trojan.Win32.IconDance Trojan.Win32.Sevgi Trojan.Win32.Whiter Trojan.Win9x.FlashKiller Trojan Ultra Defender Viper Ransomware Viral Ransomware 3.0 Virus.Boot-DOS.Implant Virus.Boot-DOS.LivingDeath Virus.Boot-DOS.Prowler Virus.DOS.Abraxas Virus.DOS.Barrotes Virus.DOS.Billiard Virus.DOS.Christmas Virus.DOS.Claudia Virus.DOS.Devil Virus.DOS.Diamond Virus.DOS.Executioner Virus.DOS.Holiday Virus.DOS.Immortal Virus.DOS.Italian Virus.DOS.Karina Virus.DOS.Kwok Virus.DOS.LSD Virus.DOS.Lichen Virus.DOS.Morphine Virus.DOS.OneHalf Virus.DOS.PZ Virus.DOS.RSA Virus.DOS.RTL Virus.DOS.Radio Virus.DOS.Raving Virus.DOS.Satanic Virus.DOS.Skynet Virus.DOS.Sov Virus.DOS.Suicide Virus.DOS.TPE.Kela Virus.DOS.Techno Virus.DOS.Ukraine Virus.DOS.Walker Virus.VBS.Karma Virus.Win16.Apparition Virus.Win16.Gollum Virus.Win32.Antares Virus.Win32.Rigel Virus.Win32.Winfig Virus.Win9x.CIH (Infected AlZip program) Virus.Win9x.CIH Virus.Win9x.Prizm Virus.Win9x.Shoerec Virus.Win9x.Smash Virus WannaCryPlus WannaCrypt0r Worm Locker 2.0 Worm XXX Xylitol YouAreAnIdiot Zepa blue_skull cuppotrium deckufniw 1.1 dobrota inoccoece loh_trojan modos-main nttdsl photenium rogues slam-ransomware-main takinium winDelete-New winbmpdestructive #READ ME#.txt $uckyLocker.exe 000.exe 000.zip 0x07.exe 1234.jpg 25b4699a7b9eeb15e85525d843d4ab05e94d43f3202136927e13b3ebafa153525.exe 5_6077904848743826573.exe 666.zip 7ev3n.exe 7ev3n.zip 86e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f.exe @_.rar ADs_TFA1206.rar AIDS_NT.exe Abantes (1).zip Activation.reg AdStRkJ.7z Amoguz Meme.exe AnViPC2009.exe AnViPC2009.zip Ana.exe Android.Spy.49_iBanking_Feb2014.exe Annabelle.zip AnnoyingPingPong.exe Antivirus 2010.zip Antivirus.exe Antivirus.zip Antivirus2010.exe AntivirusPlatinum.exe AntivirusPlatinum.zip AntivirusPro2017.exe AntivirusPro2017.zip Antivirus_Installer.exe Application Petya screen locker.exe Aramaware.zip Artemis.exe Astranizer.exe Astranizer2.0.exe Avoid.exe Avoid.zip BG.png BUG32.exe BUG32.zip BadRabbit.exe BadRabbit.zip BaldiTrojan-x32.exe BaldiTrojan-x64.exe Bat To Exe Converter.rar BatchPower1.zip Benzene Trojan.rar Benzene.exe Birele.exe Birele.zip BitBlt.exe Bitmap2.exe Bitmap2_GDIOnly.exe BlackCatRansomware.rar BlackEnergy2.1.exe Bonzify.exe Bonzify.zip BossDaMajor.exe Brave Setup.exe Busy Real2.0.exe Busy.Trojan.exe Catware•WinLocker.exe Cerber5.exe Cerber5.zip Chaos Ransomware Builder.exe Chaos Ransomware Builder.zip Chernobyl.exe ChilledWindows.exe ChilledWindows.zip Chimera.exe Chimera.zip Chlorine 2.0.7z Chris@Spark.exe Chrome_T-Rex.exe Clay.zip CleanThis.exe CleanThis.zip Clutt4-Clean.exe Clutt4-Destructive.exe Clutt4.5 Builder.exe Clutt4.5.exe Clutt4.5.zip Clutt4.zip Clutt6.6.6.exe CmdRegCleaner.exe CmdRegCleaner.zip CoViper.exe Coffin32.exe Cohr.exe Coinvault&bitcryptor_decrypter.zip ColorBug.exe ColorBug.zip ColorCs.exe ConsoleApp1.exe Convert_mp4_to_mkv.exe CookieClickerHack.exe CookieClickerHack.zip CoreR.exe CoronaVirus.exe CoronaVirus.zip Covid-666.exe CrazyNCS.exe CrazyNCS.zip CryptoLocker.exe CryptoLocker.zip CryptoLocker_22Jan2014.exe CryptoWall.exe CryptoWall.zip Cs_Hacks_Free_no_hacks.exe Curfun.exe Curfun.zip Cyborg Builder Ransomware V 1.0.exe Cyborg Builder Ransomware V 1.0.zip DETCEFNINIW.exe DETCEJENIW.rar Daily Dose of Malware.zip DeathPlus.zip DeriaLock.exe DeriaLock.zip Deskbottom.exe DesktopBoom.exe DesktopBoom.zip DesktopGoose v0.3.exe DesktopGoose v0.3.zip DesktopPuzzle.exe DesktopPuzzle.zip Dharma.exe Dimethylcadmium.exe Dioxide.exe DiskFucker.exe DittoDestructive.exe DomenicoBini.exe Driver Easy.exe Dro trojan. Virus prank.exe Duqu2.exe EliteMonitor.exe Endermanch@000.exe Evascape.exe EvilQuest.zip EvilSelenium.exe FFProInstall.exe FaZoN.bat Fack.jpg Fake Nvidia installer.7z FakeActivation.exe FakeActivation.zip FakeAdwCleaner.exe FakeAdwCleaner.zip FakeMEMZ Clean.exe FakeMEMZ.Destructive.exe FakeMEMZ.Peaceful.exe FakePetya.zip FakeWindowsUpdate.zip Fantom.exe Fantom.zip FileDeleter.rar Fizz.exe Flasher.exe Flasher.zip Fortect.exe FreeYoutubeDownloader.exe GandCrab.exe Glodrix.exe GoldenEye Builder.exe GoldenEye Builder.exe.config GoldenEye Builder.zip GoldenEye.Builder.exe Goldeneye_rebuild.zip GolderFuck.zip Gruel.exe Gruel.zip Guide.7z HE0450-2958.exe HE0450-2958.rar HMBlocker.exe HMBlocker.zip HURR-DURR.zip HY76SG38.exe Halloware #READ ME#.txt Halloware (BerkayV).exe Halloware_BerkayV.zip HalloweenLocker.exe HalloweenLocker.zip Happy99.exe Happy99.zip HappyAntivirus.exe HappyAntivirus.zip Hello.exe Hexjan.exe HollowKnight.exe HollowKnight.zip Holzer.exe Holzer.zip HorrorBob2.exe HorrorRansom2.zip HorrorTrojan Special Edition.zip HorrorTrojan123.exe HorrorTrojan5.zip HorrorTubbies 1.0.exe HorrorTubbies-main.7z HostsFucker.exe HtkLkr.exe Hydra.exe Hydra.zip Hydrogen.exe Hydromatic.exe Hyptonium.exe Illerka.C.exe Illerka.C.zip Illuminati.exe Illuminati.zip InfiniteBlue.exe InfiniteBlue_2.exe InfinityCrypt.exe InfinityCrypt.zip Install Windows20.7z InstallWinFx.exe Interim.exe InternetSecurityGuard.exe InternetSecurityGuard.zip Itachi14.rar ItachiNoSleep2.exe ItachiRansomwareLock.exe Jigsaw.exe Jigsaw.zip JigsawRansomware.exe Joke Program.bat Joke.WindowBlock.exe Joke.zip JustCrypt0r.exe JustCrypt0r.zip Karma.exe Karma.zip KingHamlet.exe Kirurg v2.exe Kirurg.exe Kirurg_remsaterd.exe Koteyka2.exe Krotten.exe Krotten.zip LOIC.exe LOL.exe LOL.zip LPS2019.exe LSDG.zip Launcher.exe Launcher.zip LetsBuildRansomware.exe Linux.Wirenet.exe Live Protection Suite 2019.exe Live Protection Suite 2019.zip Locky.AZ.exe Locky.exe Locky.zip Log4J Malware.rar LogonFuck Peaceful.exe LogonFuck.exe LogonFuck.zip LoselconIw.exe Losinium.zip M0dules.exe MBR - Image Builder.exe MBR - Note Builder.exe MBRLock.exe MBRLock.zip MCrypt2018.exe MCrypt2018.zip MEMZ 4.0 Clean.zip MEMZ DPI.exe MEMZ-Clean.bat MEMZ-Clean.exe MEMZ-Clone.exe MEMZ-Clone.zip MEMZ-Destructive.bat MEMZ-Destructive.exe MEMZ.exe MEMZ.zip MEMZ1.0.exe MEMZ1.1.exe MEMZ2.0.exe MEMZ3.0.exe MEMZ4.0.exe MEMZTrojan.exe MLG.exe MLG.zip MS-RickRoll.exe Malware Collection v1.rar Malware Collection v2.rar Malware Collection v3.rar Malware Collection v4.rar Malware Collection v5.rar Malware Collection v6.rar Malware Collection v7.rar Malware-downloader.exe Mamba.exe Mamba.zip MediaCreationTool.exe Melting.exe Melting.zip MercuryC.exe MercuryXhoffle.exe Mercuryx86.zip Microsoft Windows Succ Panel.exe Mischa.exe Mischa.zip MischaV2.exe Mistake1.0 Destructive Release.exe Mistake1.0 destructive beta.exe Mistake2.0 Control.exe Mistake2.0 Destructive.exe Mistake3.0 Destructive beta.exe MomoxemooDestructive.exe Monoxide GDI 3.0.rar Monoxidex64.GDI.exe Monoxidex64.Sound.exe Monoxidex64.exe Monoxidex86.GDI.exe Monoxidex86.Sound.exe Monoxidex86.exe MoonR.7z MouseVerse.exe Movie.mpeg.exe Movie.mpeg.zip MrHackerGroup.exe MrsMajor2.0.7z MrsMajor3.0.exe MsWorld.exe MsWorld.zip MyDoom.exe MyDoom.zip Mythlas.exe NavaShield.exe NavaShield.zip Neptunium.exe NetPakoe.bat NetPakoe3.0.exe NetSky.exe NetSky.zip NitroGen.exe NitroGen.zip NoEscape-Clone.exe NoEscape-Clone.zip NoEscape.exe NoEscape8.0.exe NoMoreRansom.exe NoMoreRansom.zip NoWay Launcher.exe Not a Forkbomb 2.cmd NotPetya.exe NotSolaris.exe Notepad Spam.zip OMG.exe OSX_Wirenet.exe Outbyte PC Repair.exe PC shaking v4.0.exe PCDefender v2.zip PCDefender.exe PCDefender.zip PCDefenderv2.msi PCOptimizerPro.zip PCShredder.exe PCShredder.zip PE!.exe Parrot.exe Parrot.zip PetrWrap(Patched).exe PetrWrap.exe PetrWrap.zip Petya.A.exe Petya.exe Petya.zip PetyaBuilder.zip PetyaDecryptor.7z Phsyletric.exe Pikachu.exe Pikachu.zip Plantilla por si la quieren.jpeg Plutonium (Revived Version).exe Plutonium.exe Polaris.7z Polaris.exe Polaris2.0.exe PolyRansom.exe PolyRansom.zip Popup.exe Popup.zip PowerPoint 2019.exe PowerPoint.exe PowerPoint.zip ProgramOverflow.exe Pyro.exe Quarknova.exe RBXMCPQKVAOE.exe README!!!!.txt README!!!.txt README!.txt README.md README.txt Rably.exe RansomBuilder.zip Ransomware.Locky.exe Readme.txt RealBSOD.exe Rebcoana README.txt Rebcoana.exe Rebcoana.rar Rebcoana.zip RectylescOS11.exe RedBoot.exe RedBoot.zip RedDeath.exe RedEye.exe RedEye.zip RegFuck.exe RegFuck.zip RegistrySmart.exe RegistrySmart.zip Rensenware.exe Rensenware.zip Rensenware_forcer.exe Roentgenium.exe Rokku.exe Rokku.zip Rubly.zip Rust-Ransomware.exe SE2011.exe SE2011.zip Saitama.exe Saitama.zip Sankylium.exe Satana.zip Saturn.exe ScaryInstaller.exe Scorpion Virus.exe Scorpion Virus.zip ScreenScrew.exe ScreenScrew.zip Security Central.zip Security Defender 2015.zip Security Defender.zip Security Scanner.zip SecurityCentral.exe SecurityDefender.exe SecurityDefender2015.exe SecurityDefener2015.exe SecurityScanner.exe Seftad.exe Seftad.zip Serafin.exe Setup - ItachiContactSecure.exe Shadow Defender.exe Sheld.exe SimpleTaskManager.exe Skywiper-A.Flame.exe Smart Defragmenter.zip SmartDefragmenter.exe SnakeRansom.zip Sofanium.exe Spark.exe Spark.zip Spirit.exe SpongebobFuck.exe StalinLocker.exe StalinLocker.zip SumoX64 safety.exe SumoX64.exe SumoX86 safety.exe SumoX86.exe SuperDeath2.exe SuperDeath3.exe SystemBlocker.zip TEMZ.exe TaskILL.exe TaskILL.zip Terminator.exe TestVirus.zip Thallium.exe TheCoolCat-Final.exe TheCoolCat.exe TheEchoOfFear (Special Edition).rar Time.exe Time.zip TimeFuck.exe TimeFuck.zip Transmit.exe TrashDestruct.7z Trihydridoarsenic.exe Trojan.Loadmoney.exe Trojan.Ransom.Covid-666.exe Trojan.Ransom.Giuliano.zip Trojan.exe TrojanXD-clean.exe TrollRAT.exe Trololo.exe Trololo.zip Trycolix.exe Trycolix.rar Trycolix.zip UIWIX.exe UnamBinder.exe Underwater.exe Universal-USB-Installer-2.0.1.0.exe Unlock Virus.txt UserOverflow.exe V-Bucks Generator.exe V-Bucks Generator.zip VAV2008.exe VAV2008.zip Vanadium.exe Vichingo455-MEMZ.zip Vichingo455@Annabelle.exe Vichingo455@PCOptimizerPro.exe Vichingo455@Virus Maker.exe ViraLock.exe ViraLock.zip Viral Ransomware 3.0.zip Virus Maker.exe Virus Maker.zip Virus.exe Virus_Destructive.zip Vista.exe Vista.zip VoiceChanger32(1.66).exe VoiceChanger64f(1.66).exe WISEA J171227.81-232210.7.exe WannaCry.exe WannaCry.zip WannaCryPlus.zip WannaCrypt0r.exe White.exe White.zip Win10.Update-kb8723467.msi Win32.Infostealer.Dexter.exe Win7Recovery.exe Win7Recovery.zip WinRAR.zip Windows 11.exe Windows 11.zip Windows Accelerator Pro.zip Windows Power Tools.exe Windows Power Tools.zip Windows Update.exe Windows-KB2670838.msu.exe Windows.11.Compatibility.Checker.exe Windows.Malware.Effects.Remediation.Tool.exe WindowsAcceleratorPro.exe WindowsUpdate.exe WindowsUpdate.zip WinlockerVB6Blacksod.exe WinlockerVB6Blacksod.zip WolframAV.exe WolframAV.zip Worm Locker 2.0.zip XDos.exe XFileCorrupter.exe XFileCorrupter.zip XPAntivirus2008.exe XPAntivirus2008.ico XPAntivirus2008.zip XXX.zip Xenon.exe Xyeta clean.exe Xyeta.exe Xyeta.zip Xylitol.exe YouAreAnIdiot.zip ZeusGameover_Feb2014.exe ZippedFiles.exe ZippedFiles.zip advokenop.exe androfucker_v1.0.zip baritone.exe blue_skull.zip bmp.exe bmp_GDIOnly.exe clutt6.6.6 - by CYBER SOLDIER.rar clutt6.6.6.rar conti_v3.rar cuppotrium.rar darkness.exe ddom.exe ddostool.bat decrypt_777.exe decrypt_Jigsaw.exe dobrota.exe dobrota_clean.exe even0.5.exe exel_icon.ico fixiki.exe fpfstb.dll free r0bax hack (2 versions).rar gif.7z hi2.0.exe hydrogen.exe hydrogen0.25.exe icefun.rar itachi.exe log4jscan.zip lsd.exe malware.exe mbrrrrrrrrrrr.exe memz.exe mrsmajor.exe msgspammer.bat msvcp140d.dll neptunium.exe netfx3_enable.bat newyear_trojan_2022.exe nuget.exe obrinty 0.6.exe obrinty 0.9.exe openrct2.exe petya-580x335.png petya_ransomware.jpg putty.exe ransom_builder.exe ransomnote.exe registry otval.rar rickraas.py rickroll.exe satan.exe separatum.zip setup.exe slam ransomware builder installer.exe slamransomware.txt sqlite3.dll structdestr.7z teslacrypt.zip thematrix.bat trojan.ransom.devilransom.zip trojangen.bat u.exe uac.exe ucrtbased.dll vcruntime140.dll vcruntime140d.dll venus.exe vinememz.txt vmac_v1.0.4-win32.exe wanacry decryptor.zip weblector-setup.exe wfc6setup.exe winDelete-DestructiveV3.exe winDelete-New.rar winDelete.exe winDelete.rar winbmpdestructive.rar windows.exe winnit6.6.6 V10.exe winnit6.6.6_V6.exe winvbsdescrutive.exe wrar401.exe x2s443bc.cs1.exe x86-stdout.vbs yesisdied.exe youaredied.zip yttrium.exe zip_bomb_42.zip ß.exe ő (en).bat ő (en).exe ƁĕӊίᾓďƳỡטּ.exe ƁĕӊίᾓďƳỡטּ.zip
PayloadFileTreeItemsPath:	000 virus 666 ADs_TFA1206 Banking-Malware Batchs Botnets Browser Hijackers CIH (Win32) Chimichi Clay Coffin32 CoreR Trojan DittoDestructive Email-Worm.Win32.Magistr Email-Worm.Win32.Maldal Email-Worm.Win32.MeltingScreen Email-Worm EternalBlue EvilQuest Exploits Fake GoldenEye Fake PetrWrap HURR-DURR Hachi Hello Holzer Holzery HtkLkr Hungadian Hyptonize Interim Itachi14 ItachiNoSleep JanusPetya Ransomware Joke Programs Joke.Win32.Badgame Joke.Win32.FakePetya Joke LAndy@Clean LivingDeath LoselconIw Lumitium MEMZ 4.0 Clean Mist (Win32) Monster Ransomware (second new version) Monster Ransomware MrsMajor Net-Worm.Win32.Opaserv Net-Worm NotMyFault Notepad Spam OIETIF OneHalf OneLastSong-main PCToaster PUP Petya PetyaMFTDestroyer Pony Quarknova RAT Ransomware SOCIAL CREDIT TEST (virus) Satana SnakeRansom Spyware Stealer Trojan.ROTANOTEDKSID Trojan.Ransom.GoldenEye Trojan.Ransom.NotPetya Trojan.Ransom.PetrWrap Trojan.VBS.Bolbi Trojan.Win32.Alerta Trojan.Win32.IconDance Trojan.Win32.Sevgi Trojan.Win32.Whiter Trojan.Win9x.FlashKiller Trojan Ultra Defender Viper Ransomware Viral Ransomware 3.0 Virus.Boot-DOS.Implant Virus.Boot-DOS.LivingDeath Virus.Boot-DOS.Prowler Virus.DOS.Abraxas Virus.DOS.Barrotes Virus.DOS.Billiard Virus.DOS.Christmas Virus.DOS.Claudia Virus.DOS.Devil Virus.DOS.Diamond Virus.DOS.Executioner Virus.DOS.Holiday Virus.DOS.Immortal Virus.DOS.Italian Virus.DOS.Karina Virus.DOS.Kwok Virus.DOS.LSD Virus.DOS.Lichen Virus.DOS.Morphine Virus.DOS.OneHalf Virus.DOS.PZ Virus.DOS.RSA Virus.DOS.RTL Virus.DOS.Radio Virus.DOS.Raving Virus.DOS.Satanic Virus.DOS.Skynet Virus.DOS.Sov Virus.DOS.Suicide Virus.DOS.TPE.Kela Virus.DOS.Techno Virus.DOS.Ukraine Virus.DOS.Walker Virus.VBS.Karma Virus.Win16.Apparition Virus.Win16.Gollum Virus.Win32.Antares Virus.Win32.Rigel Virus.Win32.Winfig Virus.Win9x.CIH (Infected AlZip program) Virus.Win9x.CIH Virus.Win9x.Prizm Virus.Win9x.Shoerec Virus.Win9x.Smash Virus WannaCryPlus WannaCrypt0r Worm Locker 2.0 Worm XXX Xylitol YouAreAnIdiot Zepa blue_skull cuppotrium deckufniw 1.1 dobrota inoccoece loh_trojan modos-main nttdsl photenium rogues slam-ransomware-main takinium winDelete-New winbmpdestructive #READ ME#.txt $uckyLocker.exe 000.exe 000.zip 0x07.exe 1234.jpg 25b4699a7b9eeb15e85525d843d4ab05e94d43f3202136927e13b3ebafa153525.exe 5_6077904848743826573.exe 666.zip 7ev3n.exe 7ev3n.zip 86e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f.exe @_.rar ADs_TFA1206.rar AIDS_NT.exe Abantes (1).zip Activation.reg AdStRkJ.7z Amoguz Meme.exe AnViPC2009.exe AnViPC2009.zip Ana.exe Android.Spy.49_iBanking_Feb2014.exe Annabelle.zip AnnoyingPingPong.exe Antivirus 2010.zip Antivirus.exe Antivirus.zip Antivirus2010.exe AntivirusPlatinum.exe AntivirusPlatinum.zip AntivirusPro2017.exe AntivirusPro2017.zip Antivirus_Installer.exe Application Petya screen locker.exe Aramaware.zip Artemis.exe Astranizer.exe Astranizer2.0.exe Avoid.exe Avoid.zip BG.png BUG32.exe BUG32.zip BadRabbit.exe BadRabbit.zip BaldiTrojan-x32.exe BaldiTrojan-x64.exe Bat To Exe Converter.rar BatchPower1.zip Benzene Trojan.rar Benzene.exe Birele.exe Birele.zip BitBlt.exe Bitmap2.exe Bitmap2_GDIOnly.exe BlackCatRansomware.rar BlackEnergy2.1.exe Bonzify.exe Bonzify.zip BossDaMajor.exe Brave Setup.exe Busy Real2.0.exe Busy.Trojan.exe Catware•WinLocker.exe Cerber5.exe Cerber5.zip Chaos Ransomware Builder.exe Chaos Ransomware Builder.zip Chernobyl.exe ChilledWindows.exe ChilledWindows.zip Chimera.exe Chimera.zip Chlorine 2.0.7z Chris@Spark.exe Chrome_T-Rex.exe Clay.zip CleanThis.exe CleanThis.zip Clutt4-Clean.exe Clutt4-Destructive.exe Clutt4.5 Builder.exe Clutt4.5.exe Clutt4.5.zip Clutt4.zip Clutt6.6.6.exe CmdRegCleaner.exe CmdRegCleaner.zip CoViper.exe Coffin32.exe Cohr.exe Coinvault&bitcryptor_decrypter.zip ColorBug.exe ColorBug.zip ColorCs.exe ConsoleApp1.exe Convert_mp4_to_mkv.exe CookieClickerHack.exe CookieClickerHack.zip CoreR.exe CoronaVirus.exe CoronaVirus.zip Covid-666.exe CrazyNCS.exe CrazyNCS.zip CryptoLocker.exe CryptoLocker.zip CryptoLocker_22Jan2014.exe CryptoWall.exe CryptoWall.zip Cs_Hacks_Free_no_hacks.exe Curfun.exe Curfun.zip Cyborg Builder Ransomware V 1.0.exe Cyborg Builder Ransomware V 1.0.zip DETCEFNINIW.exe DETCEJENIW.rar Daily Dose of Malware.zip DeathPlus.zip DeriaLock.exe DeriaLock.zip Deskbottom.exe DesktopBoom.exe DesktopBoom.zip DesktopGoose v0.3.exe DesktopGoose v0.3.zip DesktopPuzzle.exe DesktopPuzzle.zip Dharma.exe Dimethylcadmium.exe Dioxide.exe DiskFucker.exe DittoDestructive.exe DomenicoBini.exe Driver Easy.exe Dro trojan. Virus prank.exe Duqu2.exe EliteMonitor.exe Endermanch@000.exe Evascape.exe EvilQuest.zip EvilSelenium.exe FFProInstall.exe FaZoN.bat Fack.jpg Fake Nvidia installer.7z FakeActivation.exe FakeActivation.zip FakeAdwCleaner.exe FakeAdwCleaner.zip FakeMEMZ Clean.exe FakeMEMZ.Destructive.exe FakeMEMZ.Peaceful.exe FakePetya.zip FakeWindowsUpdate.zip Fantom.exe Fantom.zip FileDeleter.rar Fizz.exe Flasher.exe Flasher.zip Fortect.exe FreeYoutubeDownloader.exe GandCrab.exe Glodrix.exe GoldenEye Builder.exe GoldenEye Builder.exe.config GoldenEye Builder.zip GoldenEye.Builder.exe Goldeneye_rebuild.zip GolderFuck.zip Gruel.exe Gruel.zip Guide.7z HE0450-2958.exe HE0450-2958.rar HMBlocker.exe HMBlocker.zip HURR-DURR.zip HY76SG38.exe Halloware #READ ME#.txt Halloware (BerkayV).exe Halloware_BerkayV.zip HalloweenLocker.exe HalloweenLocker.zip Happy99.exe Happy99.zip HappyAntivirus.exe HappyAntivirus.zip Hello.exe Hexjan.exe HollowKnight.exe HollowKnight.zip Holzer.exe Holzer.zip HorrorBob2.exe HorrorRansom2.zip HorrorTrojan Special Edition.zip HorrorTrojan123.exe HorrorTrojan5.zip HorrorTubbies 1.0.exe HorrorTubbies-main.7z HostsFucker.exe HtkLkr.exe Hydra.exe Hydra.zip Hydrogen.exe Hydromatic.exe Hyptonium.exe Illerka.C.exe Illerka.C.zip Illuminati.exe Illuminati.zip InfiniteBlue.exe InfiniteBlue_2.exe InfinityCrypt.exe InfinityCrypt.zip Install Windows20.7z InstallWinFx.exe Interim.exe InternetSecurityGuard.exe InternetSecurityGuard.zip Itachi14.rar ItachiNoSleep2.exe ItachiRansomwareLock.exe Jigsaw.exe Jigsaw.zip JigsawRansomware.exe Joke Program.bat Joke.WindowBlock.exe Joke.zip JustCrypt0r.exe JustCrypt0r.zip Karma.exe Karma.zip KingHamlet.exe Kirurg v2.exe Kirurg.exe Kirurg_remsaterd.exe Koteyka2.exe Krotten.exe Krotten.zip LOIC.exe LOL.exe LOL.zip LPS2019.exe LSDG.zip Launcher.exe Launcher.zip LetsBuildRansomware.exe Linux.Wirenet.exe Live Protection Suite 2019.exe Live Protection Suite 2019.zip Locky.AZ.exe Locky.exe Locky.zip Log4J Malware.rar LogonFuck Peaceful.exe LogonFuck.exe LogonFuck.zip LoselconIw.exe Losinium.zip M0dules.exe MBR - Image Builder.exe MBR - Note Builder.exe MBRLock.exe MBRLock.zip MCrypt2018.exe MCrypt2018.zip MEMZ 4.0 Clean.zip MEMZ DPI.exe MEMZ-Clean.bat MEMZ-Clean.exe MEMZ-Clone.exe MEMZ-Clone.zip MEMZ-Destructive.bat MEMZ-Destructive.exe MEMZ.exe MEMZ.zip MEMZ1.0.exe MEMZ1.1.exe MEMZ2.0.exe MEMZ3.0.exe MEMZ4.0.exe MEMZTrojan.exe MLG.exe MLG.zip MS-RickRoll.exe Malware Collection v1.rar Malware Collection v2.rar Malware Collection v3.rar Malware Collection v4.rar Malware Collection v5.rar Malware Collection v6.rar Malware Collection v7.rar Malware-downloader.exe Mamba.exe Mamba.zip MediaCreationTool.exe Melting.exe Melting.zip MercuryC.exe MercuryXhoffle.exe Mercuryx86.zip Microsoft Windows Succ Panel.exe Mischa.exe Mischa.zip MischaV2.exe Mistake1.0 Destructive Release.exe Mistake1.0 destructive beta.exe Mistake2.0 Control.exe Mistake2.0 Destructive.exe Mistake3.0 Destructive beta.exe MomoxemooDestructive.exe Monoxide GDI 3.0.rar Monoxidex64.GDI.exe Monoxidex64.Sound.exe Monoxidex64.exe Monoxidex86.GDI.exe Monoxidex86.Sound.exe Monoxidex86.exe MoonR.7z MouseVerse.exe Movie.mpeg.exe Movie.mpeg.zip MrHackerGroup.exe MrsMajor2.0.7z MrsMajor3.0.exe MsWorld.exe MsWorld.zip MyDoom.exe MyDoom.zip Mythlas.exe NavaShield.exe NavaShield.zip Neptunium.exe NetPakoe.bat NetPakoe3.0.exe NetSky.exe NetSky.zip NitroGen.exe NitroGen.zip NoEscape-Clone.exe NoEscape-Clone.zip NoEscape.exe NoEscape8.0.exe NoMoreRansom.exe NoMoreRansom.zip NoWay Launcher.exe Not a Forkbomb 2.cmd NotPetya.exe NotSolaris.exe Notepad Spam.zip OMG.exe OSX_Wirenet.exe Outbyte PC Repair.exe PC shaking v4.0.exe PCDefender v2.zip PCDefender.exe PCDefender.zip PCDefenderv2.msi PCOptimizerPro.zip PCShredder.exe PCShredder.zip PE!.exe Parrot.exe Parrot.zip PetrWrap(Patched).exe PetrWrap.exe PetrWrap.zip Petya.A.exe Petya.exe Petya.zip PetyaBuilder.zip PetyaDecryptor.7z Phsyletric.exe Pikachu.exe Pikachu.zip Plantilla por si la quieren.jpeg Plutonium (Revived Version).exe Plutonium.exe Polaris.7z Polaris.exe Polaris2.0.exe PolyRansom.exe PolyRansom.zip Popup.exe Popup.zip PowerPoint 2019.exe PowerPoint.exe PowerPoint.zip ProgramOverflow.exe Pyro.exe Quarknova.exe RBXMCPQKVAOE.exe README!!!!.txt README!!!.txt README!.txt README.md README.txt Rably.exe RansomBuilder.zip Ransomware.Locky.exe Readme.txt RealBSOD.exe Rebcoana README.txt Rebcoana.exe Rebcoana.rar Rebcoana.zip RectylescOS11.exe RedBoot.exe RedBoot.zip RedDeath.exe RedEye.exe RedEye.zip RegFuck.exe RegFuck.zip RegistrySmart.exe RegistrySmart.zip Rensenware.exe Rensenware.zip Rensenware_forcer.exe Roentgenium.exe Rokku.exe Rokku.zip Rubly.zip Rust-Ransomware.exe SE2011.exe SE2011.zip Saitama.exe Saitama.zip Sankylium.exe Satana.zip Saturn.exe ScaryInstaller.exe Scorpion Virus.exe Scorpion Virus.zip ScreenScrew.exe ScreenScrew.zip Security Central.zip Security Defender 2015.zip Security Defender.zip Security Scanner.zip SecurityCentral.exe SecurityDefender.exe SecurityDefender2015.exe SecurityDefener2015.exe SecurityScanner.exe Seftad.exe Seftad.zip Serafin.exe Setup - ItachiContactSecure.exe Shadow Defender.exe Sheld.exe SimpleTaskManager.exe Skywiper-A.Flame.exe Smart Defragmenter.zip SmartDefragmenter.exe SnakeRansom.zip Sofanium.exe Spark.exe Spark.zip Spirit.exe SpongebobFuck.exe StalinLocker.exe StalinLocker.zip SumoX64 safety.exe SumoX64.exe SumoX86 safety.exe SumoX86.exe SuperDeath2.exe SuperDeath3.exe SystemBlocker.zip TEMZ.exe TaskILL.exe TaskILL.zip Terminator.exe TestVirus.zip Thallium.exe TheCoolCat-Final.exe TheCoolCat.exe TheEchoOfFear (Special Edition).rar Time.exe Time.zip TimeFuck.exe TimeFuck.zip Transmit.exe TrashDestruct.7z Trihydridoarsenic.exe Trojan.Loadmoney.exe Trojan.Ransom.Covid-666.exe Trojan.Ransom.Giuliano.zip Trojan.exe TrojanXD-clean.exe TrollRAT.exe Trololo.exe Trololo.zip Trycolix.exe Trycolix.rar Trycolix.zip UIWIX.exe UnamBinder.exe Underwater.exe Universal-USB-Installer-2.0.1.0.exe Unlock Virus.txt UserOverflow.exe V-Bucks Generator.exe V-Bucks Generator.zip VAV2008.exe VAV2008.zip Vanadium.exe Vichingo455-MEMZ.zip Vichingo455@Annabelle.exe Vichingo455@PCOptimizerPro.exe Vichingo455@Virus Maker.exe ViraLock.exe ViraLock.zip Viral Ransomware 3.0.zip Virus Maker.exe Virus Maker.zip Virus.exe Virus_Destructive.zip Vista.exe Vista.zip VoiceChanger32(1.66).exe VoiceChanger64f(1.66).exe WISEA J171227.81-232210.7.exe WannaCry.exe WannaCry.zip WannaCryPlus.zip WannaCrypt0r.exe White.exe White.zip Win10.Update-kb8723467.msi Win32.Infostealer.Dexter.exe Win7Recovery.exe Win7Recovery.zip WinRAR.zip Windows 11.exe Windows 11.zip Windows Accelerator Pro.zip Windows Power Tools.exe Windows Power Tools.zip Windows Update.exe Windows-KB2670838.msu.exe Windows.11.Compatibility.Checker.exe Windows.Malware.Effects.Remediation.Tool.exe WindowsAcceleratorPro.exe WindowsUpdate.exe WindowsUpdate.zip WinlockerVB6Blacksod.exe WinlockerVB6Blacksod.zip WolframAV.exe WolframAV.zip Worm Locker 2.0.zip XDos.exe XFileCorrupter.exe XFileCorrupter.zip XPAntivirus2008.exe XPAntivirus2008.ico XPAntivirus2008.zip XXX.zip Xenon.exe Xyeta clean.exe Xyeta.exe Xyeta.zip Xylitol.exe YouAreAnIdiot.zip ZeusGameover_Feb2014.exe ZippedFiles.exe ZippedFiles.zip advokenop.exe androfucker_v1.0.zip baritone.exe blue_skull.zip bmp.exe bmp_GDIOnly.exe clutt6.6.6 - by CYBER SOLDIER.rar clutt6.6.6.rar conti_v3.rar cuppotrium.rar darkness.exe ddom.exe ddostool.bat decrypt_777.exe decrypt_Jigsaw.exe dobrota.exe dobrota_clean.exe even0.5.exe exel_icon.ico fixiki.exe fpfstb.dll free r0bax hack (2 versions).rar gif.7z hi2.0.exe hydrogen.exe hydrogen0.25.exe icefun.rar itachi.exe log4jscan.zip lsd.exe malware.exe mbrrrrrrrrrrr.exe memz.exe mrsmajor.exe msgspammer.bat msvcp140d.dll neptunium.exe netfx3_enable.bat newyear_trojan_2022.exe nuget.exe obrinty 0.6.exe obrinty 0.9.exe openrct2.exe petya-580x335.png petya_ransomware.jpg putty.exe ransom_builder.exe ransomnote.exe registry otval.rar rickraas.py rickroll.exe satan.exe separatum.zip setup.exe slam ransomware builder installer.exe slamransomware.txt sqlite3.dll structdestr.7z teslacrypt.zip thematrix.bat trojan.ransom.devilransom.zip trojangen.bat u.exe uac.exe ucrtbased.dll vcruntime140.dll vcruntime140d.dll venus.exe vinememz.txt vmac_v1.0.4-win32.exe wanacry decryptor.zip weblector-setup.exe wfc6setup.exe winDelete-DestructiveV3.exe winDelete-New.rar winDelete.exe winDelete.rar winbmpdestructive.rar windows.exe winnit6.6.6 V10.exe winnit6.6.6_V6.exe winvbsdescrutive.exe wrar401.exe x2s443bc.cs1.exe x86-stdout.vbs yesisdied.exe youaredied.zip yttrium.exe zip_bomb_42.zip ß.exe ő (en).bat ő (en).exe ƁĕӊίᾓďƳỡטּ.exe ƁĕӊίᾓďƳỡטּ.zip
PayloadFileTreeTotalCount:	815
PayloadFileTreeRansomwareItemsContentType:	directory file file file file file file file file file file file file file file file file file file file file file file file file file file
PayloadFileTreeRansomwareItemsName:	GoldenEye $uckyLocker.exe 7ev3n.exe BadRabbit.exe Birele.exe Cerber5.exe DeriaLock.exe Dharma.exe Fantom.exe GandCrab.exe InfinityCrypt.exe Krotten.exe Locky.AZ.exe NoMoreRansom.exe NotPetya.exe Petya.A.exe PolyRansom.exe PowerPoint.exe RedEye.exe Rensenware.exe SporaRansomware.exe UIWIX.exe ViraLock.exe WannaCry.exe WinlockerVB6Blacksod.exe Xyeta.exe satan.exe
PayloadFileTreeRansomwareItemsPath:	Ransomware/GoldenEye Ransomware/$uckyLocker.exe Ransomware/7ev3n.exe Ransomware/BadRabbit.exe Ransomware/Birele.exe Ransomware/Cerber5.exe Ransomware/DeriaLock.exe Ransomware/Dharma.exe Ransomware/Fantom.exe Ransomware/GandCrab.exe Ransomware/InfinityCrypt.exe Ransomware/Krotten.exe Ransomware/Locky.AZ.exe Ransomware/NoMoreRansom.exe Ransomware/NotPetya.exe Ransomware/Petya.A.exe Ransomware/PolyRansom.exe Ransomware/PowerPoint.exe Ransomware/RedEye.exe Ransomware/Rensenware.exe Ransomware/SporaRansomware.exe Ransomware/UIWIX.exe Ransomware/ViraLock.exe Ransomware/WannaCry.exe Ransomware/WinlockerVB6Blacksod.exe Ransomware/Xyeta.exe Ransomware/satan.exe
PayloadFileTreeRansomwareTotalCount:	27
PayloadFileTreeProcessingTime:	249.45605
PayloadPath:	Ransomware/BadRabbit.exe
PayloadReducedMotionEnabled:	null
PayloadRefInfoCanEdit:	-
PayloadRefInfoCurrentOid:	ab33000abe1b26fcbdaa4fc6f535de5afc8f7e25
PayloadRefInfoListCacheKey:	v0:1659434254.1775382
PayloadRefInfoName:	main
PayloadRefInfoRefType:	branch
PayloadRepoCreatedAt:	2021-10-02T11:22:52.000Z
PayloadRepoCurrentUserCanPush:	-
PayloadRepoDefaultBranch:	main
PayloadRepoId:	412775311
PayloadRepoIsEmpty:	-
PayloadRepoIsFork:	-
PayloadRepoIsOrgOwned:	-
PayloadRepoName:	Malware-Collection-Part-2
PayloadRepoOwnerAvatar:	https://avatars.githubusercontent.com/u/71582475?v=4
PayloadRepoOwnerLogin:	Zusyaku
PayloadRepoPrivate:	-
PayloadRepoPublic:
PayloadSymbolsExpanded:	-
PayloadTreeExpanded:
Title:	Malware-Collection-Part-2/Ransomware/BadRabbit.exe at main · Zusyaku/Malware-Collection-Part-2

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

120

"C:\Windows\system32\ntvdm.exe" -i1

C:\Windows\System32\ntvdm.exe

—

explorer.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

NTVDM.EXE

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\ntvdm.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

332

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=4272 --field-trial-handle=1184,i,10883338599166317368,12998740964255942869,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

—

chrome.exe

User:

admin

Company:

Google LLC

Integrity Level:

LOW

Description:

Google Chrome

Exit code:

Version:

109.0.5414.120

Modules

Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

552

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2432 --field-trial-handle=1184,i,10883338599166317368,12998740964255942869,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

—

chrome.exe

User:

admin

Company:

Google LLC

Integrity Level:

LOW

Description:

Google Chrome

Exit code:

Version:

109.0.5414.120

Modules

Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

1036

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=3512 --field-trial-handle=1184,i,10883338599166317368,12998740964255942869,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

—

chrome.exe

User:

admin

Company:

Google LLC

Integrity Level:

LOW

Description:

Google Chrome

Exit code:

Version:

109.0.5414.120

Modules

Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

1112

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=1620 --field-trial-handle=1184,i,10883338599166317368,12998740964255942869,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

—

chrome.exe

User:

admin

Company:

Google LLC

Integrity Level:

LOW

Description:

Google Chrome

Exit code:

Version:

109.0.5414.120

Modules

Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

1384

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=2060 --field-trial-handle=1184,i,10883338599166317368,12998740964255942869,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

—

chrome.exe

User:

admin

Company:

Google LLC

Integrity Level:

LOW

Description:

Google Chrome

Exit code:

Version:

109.0.5414.120

Modules

Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

1540

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2144 --field-trial-handle=1184,i,10883338599166317368,12998740964255942869,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

—

chrome.exe

User:

admin

Company:

Google LLC

Integrity Level:

LOW

Description:

Google Chrome

Exit code:

Version:

109.0.5414.120

Modules

Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

1572

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=3624 --field-trial-handle=1184,i,10883338599166317368,12998740964255942869,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

—

chrome.exe

User:

admin

Company:

Google LLC

Integrity Level:

LOW

Description:

Google Chrome

Exit code:

Version:

109.0.5414.120

Modules

Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

1596

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --mojo-platform-channel-handle=1348 --field-trial-handle=1184,i,10883338599166317368,12998740964255942869,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

chrome.exe

User:

admin

Company:

Google LLC

Integrity Level:

MEDIUM

Description:

Google Chrome

Exit code:

Version:

109.0.5414.120

Modules

Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

1780

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1184,i,10883338599166317368,12998740964255942869,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

—

chrome.exe

User:

admin

Company:

Google LLC

Integrity Level:

LOW

Description:

Google Chrome

Exit code:

Version:

109.0.5414.120

Modules

Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

Add for printing

Total events

2 805

Read events

2 735

Write events

Delete events

Modification events


(PID) Process:	(2076) chrome.exe	Key:	HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:	write	Name:	failed_count
Value: 0
(PID) Process:	(2076) chrome.exe	Key:	HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:	write	Name:	state
Value: 1
(PID) Process:	(2076) chrome.exe	Key:	HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation:	write	Name:	StatusCodes
Value: 01000000
(PID) Process:	(2076) chrome.exe	Key:	HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:	write	Name:	state
Value: 2
(PID) Process:	(2076) chrome.exe	Key:	HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:	write	Name:	dr
Value: 1
(PID) Process:	(2076) chrome.exe	Key:	HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
Operation:	write	Name:	user_experience_metrics.stability.exited_cleanly
Value: 1
(PID) Process:	(2076) chrome.exe	Key:	HKEY_CURRENT_USER\Software\Google\Chrome
Operation:	write	Name:	UsageStatsInSample
Value: 0
(PID) Process:	(2076) chrome.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation:	write	Name:	usagestats
Value: 0
(PID) Process:	(2076) chrome.exe	Key:	HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:	write	Name:	metricsid_installdate
Value: 0
(PID) Process:	(2076) chrome.exe	Key:	HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:	write	Name:	metricsid_enableddate
Value: 0

Add for printing

Executable files

Suspicious files

695

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
2076	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RFe686a.TMP		—
		MD5:—	SHA256:—
2076	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old		—
		MD5:—	SHA256:—
2076	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RFe6889.TMP		text
		MD5:ADB669AB4CD1C63883C64FB0DBA2C7DA	SHA256:18BFF89047EC5B122573D089B3DC7A7DD14A5A7A515B2D8141584B41E723253F
120	ntvdm.exe	C:\Users\admin\AppData\Local\Temp\scsF4E0.tmp		text
		MD5:8CF6DDB5AA59B49F34B967CD46F013B6	SHA256:EE06792197C3E025B84860A72460EAF628C66637685F8C52C5A08A9CC35D376C
2076	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Variations		binary
		MD5:961E3604F228B0D10541EBF921500C86	SHA256:F7B24F2EB3D5EB0550527490395D2F61C3D2FE74BB9CB345197DAD81B58B5FED
2076	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat		binary
		MD5:9C016064A1F864C8140915D77CF3389A	SHA256:0E7265D4A8C16223538EDD8CD620B8820611C74538E420A88E333BE7F62AC787
2076	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version		text
		MD5:9F941EA08DBDCA2EB3CFA1DBBBA6F5DC	SHA256:127F71DF0D2AD895D4F293E62284D85971AE047CA15F90B87BF6335898B0B655
2076	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old		text
		MD5:358570F689377CE6838812643E03734B	SHA256:5B41FCC2E1A843AEAB9437B06E27B798870FF10D86A51B163BF48862BCD32590
2076	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old~RFe6a10.TMP		text
		MD5:C5B082BC8EA6A9BD1DC6782C00A79605	SHA256:6168A9E585264DE05DEE1B67427B1BC277F1B83B9297184EFACC5D3BB061ABDE
2076	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\006052c6-ae75-4a4b-bc46-2e23e3fd9d59.tmp		binary
		MD5:5058F1AF8388633F609CADB75A75DC9D	SHA256:—

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

135

DNS requests

195

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
856	svchost.exe	HEAD	200	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/k4ldha5kevpu7qn7k4s3mznvgu_4.10.2710.0/oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win32_ad2kbvs6jks3au5dsxn7cqflsiiq.crx3	unknown	—	—	unknown
856	svchost.exe	GET	206	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/k4ldha5kevpu7qn7k4s3mznvgu_4.10.2710.0/oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win32_ad2kbvs6jks3au5dsxn7cqflsiiq.crx3	unknown	binary	6.12 Kb	unknown
856	svchost.exe	GET	206	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/k4ldha5kevpu7qn7k4s3mznvgu_4.10.2710.0/oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win32_ad2kbvs6jks3au5dsxn7cqflsiiq.crx3	unknown	binary	9.82 Kb	unknown
856	svchost.exe	GET	206	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/k4ldha5kevpu7qn7k4s3mznvgu_4.10.2710.0/oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win32_ad2kbvs6jks3au5dsxn7cqflsiiq.crx3	unknown	binary	9.78 Kb	unknown
856	svchost.exe	GET	206	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/k4ldha5kevpu7qn7k4s3mznvgu_4.10.2710.0/oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win32_ad2kbvs6jks3au5dsxn7cqflsiiq.crx3	unknown	binary	9.68 Kb	unknown
856	svchost.exe	GET	206	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/k4ldha5kevpu7qn7k4s3mznvgu_4.10.2710.0/oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win32_ad2kbvs6jks3au5dsxn7cqflsiiq.crx3	unknown	binary	20.5 Kb	unknown
856	svchost.exe	GET	206	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/k4ldha5kevpu7qn7k4s3mznvgu_4.10.2710.0/oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win32_ad2kbvs6jks3au5dsxn7cqflsiiq.crx3	unknown	binary	42.0 Kb	unknown
856	svchost.exe	GET	206	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/k4ldha5kevpu7qn7k4s3mznvgu_4.10.2710.0/oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win32_ad2kbvs6jks3au5dsxn7cqflsiiq.crx3	unknown	binary	88.3 Kb	unknown
856	svchost.exe	GET	206	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/k4ldha5kevpu7qn7k4s3mznvgu_4.10.2710.0/oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win32_ad2kbvs6jks3au5dsxn7cqflsiiq.crx3	unknown	binary	175 Kb	unknown
856	svchost.exe	GET	206	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/k4ldha5kevpu7qn7k4s3mznvgu_4.10.2710.0/oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win32_ad2kbvs6jks3au5dsxn7cqflsiiq.crx3	unknown	binary	353 Kb	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
1080	svchost.exe	224.0.0.252:5355	—	—	—	unknown
4	System	192.168.100.255:137	—	—	—	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
1596	chrome.exe	64.233.166.84:443	accounts.google.com	GOOGLE	US	unknown
2076	chrome.exe	239.255.255.250:1900	—	—	—	whitelisted
1596	chrome.exe	216.58.212.163:443	clientservices.googleapis.com	GOOGLE	US	whitelisted
1596	chrome.exe	142.250.186.68:443	www.google.com	GOOGLE	US	whitelisted
1596	chrome.exe	142.250.186.67:443	www.gstatic.com	GOOGLE	US	whitelisted
1596	chrome.exe	142.250.186.174:443	apis.google.com	GOOGLE	US	whitelisted
1596	chrome.exe	142.250.185.110:443	encrypted-tbn0.gstatic.com	GOOGLE	US	whitelisted

DNS requests

Domain	IP	Reputation
accounts.google.com	64.233.166.84	shared
clientservices.googleapis.com	216.58.212.163	whitelisted
www.google.com	142.250.186.68	whitelisted
www.gstatic.com	142.250.186.67	whitelisted
apis.google.com	142.250.186.174	whitelisted
encrypted-tbn0.gstatic.com	142.250.185.110	whitelisted
update.googleapis.com	142.250.186.163 142.250.186.131	whitelisted
lh5.googleusercontent.com	142.250.185.129	whitelisted
lh3.googleusercontent.com	142.250.186.161	whitelisted
fonts.gstatic.com	142.250.185.163	whitelisted

Threats

No threats detected

Add for printing

No debug info

General Info

/Zusyaku/Malware-Collection-Part-2/blob/main/Ransomware/BadRabbit.exe

B8D35FCFAA6F27805C22B7BC443D09E4

7DCFDCCDB0F5A4B89AAC85485670962EF6C27CAE

BFDC338F9F4F7F90D00612E02A0EDEC759F89D14999D4A71E403B74D89168685

1536:Otz9DZxjDFBd9R9fBpNPAKptDx1r5VBtbfNbFfhNNl9FlddTNx99pB9NVV5Vlxvx:dF30

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

SUSPICIOUS

INFO

Drops the executable file immediately after the start

Manual execution by a user

Application launched itself

Malware configuration

Static information

EXIF

JSON

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings