Overview

Tasks in this submission, with the score shown for each in the report navigation. Sample names are kept as the navigation displays them (truncated); the full sample paths are listed under "Behavioral task" below.

Task          | Sample (as displayed)    | Platform            | Score
overview      |                          |                     | 10
static        |                          |                     | 10
behavioral1   | @_136 @828...SM.exe      | windows7-x64        | 7
behavioral2   | @_136 @828...SM.exe      | windows10-2004-x64  | 7
behavioral3   | TrashMalwa...in.exe      | windows7-x64        | 8
behavioral4   | TrashMalwa...in.exe      | windows10-2004-x64  | 8
behavioral5   | AdStRkJ.exe              | windows7-x64        | 8
behavioral6   | AdStRkJ.exe              | windows10-2004-x64  | 8
behavioral7   | Anatralier.exe           | windows7-x64        | 7
behavioral8   | Anatralier.exe           | windows10-2004-x64  | 7
behavioral9   | TrashMalwa...er.exe      | windows7-x64        | 3
behavioral10  | TrashMalwa...er.exe      | windows10-2004-x64  | 8
behavioral11  | TrashMalwa...nk.exe      | windows7-x64        | 8
behavioral12  | TrashMalwa...nk.exe      | windows10-2004-x64  | 8
behavioral13  | TrashMalwa...oN.bat      | windows7-x64        | 8
behavioral14  | TrashMalwa...oN.bat      | windows10-2004-x64  | 8
behavioral15  | TrashMalwa...zz.exe      | windows7-x64        | 6
behavioral16  | TrashMalwa...zz.exe      | windows10-2004-x64  | 6
behavioral17  | TrashMalwa...de.exe      | windows7-x64        | 7
behavioral18  | TrashMalwa...de.exe      | windows10-2004-x64  | 7
behavioral19  | TrashMalwa...20.exe      | windows7-x64        | 4
behavioral20  | TrashMalwa...20.exe      | windows10-2004-x64  | 7
behavioral21  | TrashMalwa...ll.exe      | windows7-x64        | 7
behavioral22  | TrashMalwa...ll.exe      | windows10-2004-x64  | 7
behavioral23  | TrashMalwa...le.exe      | windows7-x64        | 8
behavioral24  | TrashMalwa...le.exe      | windows10-2004-x64  | 8
behavioral25  | TrashMalwa...oe.bat      | windows7-x64        | 8
behavioral26  | TrashMalwa...oe.bat      | windows10-2004-x64  | 8
behavioral27  | TrashMalwa....0.exe      | windows7-x64        | 6
behavioral28  | TrashMalwa....0.exe      | windows10-2004-x64  | 7
behavioral29  | TrashMalwa....0.exe      | windows7-x64        | 8
behavioral30  | TrashMalwa....0.exe      | windows10-2004-x64  | 7
behavioral31  | TrashMalwa....0.exe      | windows7-x64        | 7
behavioral32  | TrashMalwa....0.exe      | windows10-2004-x64  | 7

Analysis
max time kernel: 40s
max time network: 183s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02-03-2024 20:26
Behavioral task

Task          | Sample                                          | Resource
behavioral1   | @_136 @828#-138389J-SJFJDSM.exe                 | win7-20240221-en
behavioral2   | @_136 @828#-138389J-SJFJDSM.exe                 | win10v2004-20240226-en
behavioral3   | TrashMalwares-main/AcidRain.exe                 | win7-20240221-en
behavioral4   | TrashMalwares-main/AcidRain.exe                 | win10v2004-20240226-en
behavioral5   | AdStRkJ.exe                                     | win7-20240221-en
behavioral6   | AdStRkJ.exe                                     | win10v2004-20240226-en
behavioral7   | Anatralier.exe                                  | win7-20240215-en
behavioral8   | Anatralier.exe                                  | win10v2004-20240226-en
behavioral9   | TrashMalwares-main/Antivirus_Installer.exe      | win7-20240221-en
behavioral10  | TrashMalwares-main/Antivirus_Installer.exe      | win10v2004-20240226-en
behavioral11  | TrashMalwares-main/Dro trojan. Virus prank.exe  | win7-20240221-en
behavioral12  | TrashMalwares-main/Dro trojan. Virus prank.exe  | win10v2004-20240226-en
behavioral13  | TrashMalwares-main/FaZoN.bat                    | win7-20240221-en
behavioral14  | TrashMalwares-main/FaZoN.bat                    | win10v2004-20240226-en
behavioral15  | TrashMalwares-main/Fizz.exe                     | win7-20240221-en
behavioral16  | TrashMalwares-main/Fizz.exe                     | win10v2004-20240226-en
behavioral17  | TrashMalwares-main/Ginxide.exe                  | win7-20240221-en
behavioral18  | TrashMalwares-main/Ginxide.exe                  | win10v2004-20240226-en
behavioral19  | TrashMalwares-main/Install Windows20.exe        | win7-20240221-en
behavioral20  | TrashMalwares-main/Install Windows20.exe        | win10v2004-20240226-en
behavioral21  | TrashMalwares-main/MS-RickRoll.exe              | win7-20240220-en
behavioral22  | TrashMalwares-main/MS-RickRoll.exe              | win10v2004-20240226-en
behavioral23  | TrashMalwares-main/MercuryXhoffle.exe           | win7-20240221-en
behavioral24  | TrashMalwares-main/MercuryXhoffle.exe           | win10v2004-20240226-en
behavioral25  | TrashMalwares-main/NetPakoe.bat                 | win7-20240221-en
behavioral26  | TrashMalwares-main/NetPakoe.bat                 | win10v2004-20240226-en
behavioral27  | TrashMalwares-main/NetPakoe3.0.exe              | win7-20240221-en
behavioral28  | TrashMalwares-main/NetPakoe3.0.exe              | win10v2004-20240226-en
behavioral29  | TrashMalwares-main/NoEscape8.0.exe              | win7-20240221-en
behavioral30  | TrashMalwares-main/NoEscape8.0.exe              | win10v2004-20240226-en
behavioral31  | TrashMalwares-main/PC shaking v4.0.exe          | win7-20240220-en
behavioral32  | TrashMalwares-main/PC shaking v4.0.exe          | win10v2004-20240226-en

The sections that follow are the report for the NetPakoe.bat run on win10v2004-20240226-en.
General

Target: TrashMalwares-main/NetPakoe.bat
Size: 635B
MD5: 6c5a9741a170d3ac2e2c89d3e91ea6ea
SHA1: 7034266eefee8c6437d966f5d91ea82e50e10d59
SHA256: 4d1a5d2255194f08a772aef2363514890ecd620dfc49e5b701fc8f2e2388e616
SHA512: 9dcf12e971da1c78d92dd7ff824d50e8487ae61bfb9dcbfea6c38f8ebba22994fde19d825e44f4632aba9e0fc34d75cd87e090b75ed78b51b908128cc22ce29c
Malware Config
Signatures
Blocklisted process makes network request (3 IoCs)

flow | pid  | process
28   | 6512 | (process name not shown in the report)
32   | 6512 | (process name not shown in the report)
34   | 6512 | (process name not shown in the report)
Modifies Installed Components in the registry (2 TTPs, 14 IoCs)

description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Software\Microsoft\Active Setup\Installed Components | explorer.exe (14 identical events)
Drops startup file (64 IoCs)

description                  | ioc                                                                                         | process
File created                 | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NetPakoe.bat   | cmd.exe (4 events)
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NetPakoe.bat   | cmd.exe (60 events)

Every event targets the same path: cmd.exe, the interpreter running the sample, writes a file carrying the sample's own name into the per-user Startup folder, which Windows executes at each logon of that user. That is the persistence mechanism this signature flags; the repeated "opened for modification" events show the write being redone on each iteration of the script rather than once.
Enumerates connected drives (3 TTPs, 6 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.

description             | ioc    | process
File opened (read-only) | \??\F: | explorer.exe (3 events)
File opened (read-only) | \??\D: | explorer.exe (3 events)
Kills process with taskkill (64 IoCs)

64 taskkill.exe launches. PIDs in report order (7888 appears twice, so that PID was reused after the earlier instance exited):
680, 9116, 12204, 15176, 7248, 10448, 13564, 14488, 15340, 6176, 7420, 6292, 7476, 10620, 12148, 6244, 7664, 8732, 9624, 8792, 13580, 5496, 6004, 7780, 14260, 7392, 7424, 7888, 7788, 13596, 13764, 5992, 3752, 7888, 5984, 5564, 7124, 768, 10020, 12320, 1172, 13224, 14948, 4052, 9944, 3332, 1036, 5780, 2844, 12604, 13588, 13712, 13004, 15328, 3700, 2044, 7292, 7636, 6404, 5208, 2884, 14388, 3604, 3544
Modifies registry class (64 IoCs)

All 64 events are by explorer.exe. In the keys below, <SID> stands for S-1-5-21-2727153400-192325109-1870347593-1000. Distinct keys touched:

- Key created \REGISTRY\USER\<SID>_Classes\Local Settings
- Key created \REGISTRY\USER\<SID>_Classes\Local Settings\Software\Microsoft\Windows\Shell
- Key created \REGISTRY\USER\<SID>_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
- Set value (data) \REGISTRY\USER\<SID>_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots
- Set value (data) \REGISTRY\USER\<SID>_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff
- Key created \REGISTRY\USER\<SID>_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\
- Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\
- Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\<SID>\{GUID}, for each of these GUIDs: {1EAF4BB5-CBD3-41EA-B850-B80B78B729F2}, {B5966072-D909-4EFE-85E8-E09EE48390BD}, {80852F6A-0A13-4C4C-A60E-7F2200D44B56}, {04814A63-8BE9-4644-A350-548370E1C5B4}, {B699431B-14AA-4B85-8FEA-547992CEABB7}, {A87C93D7-4A78-4DC5-A4C1-97BC1B96D899}, {FE7E43B7-7BB6-4B05-81AF-5CA7596ED476}, {10D2CA1F-5974-422C-89A3-FCB978C5C0CC}, {F1C3C17C-D049-4849-8958-DCDF01D702BA}, {E6735B21-312C-4A3C-BAF2-AECBA094823C}, {A99CA888-4827-46A3-8BFB-1FE1D652C5B3}

The BagMRU, NodeSlots and MRUListEx writes are Explorer's own shellbag bookkeeping, produced whenever an Explorer window is opened; here they are a side effect of the sample launching explorer.exe repeatedly, not keys the batch file writes itself.
Suspicious use of AdjustPrivilegeToken (64 IoCs)

token                                                   | process      | pids
SeDebugPrivilege                                        | taskkill.exe | 2044, 2588, 3100, 3900, 3120, 2880, 784, 3840, 3856, 680, 4052, 1984, 3860, 3780, 3740, 5348, 5408, 5488, 5436, 5496, 5564, 5644, 5652, 5852 (24 events, one per PID)
SeShutdownPrivilege and SeCreatePagefilePrivilege (alternating) | explorer.exe | 4720, 4988, 4580, 4284, 1156, 5236 (40 events)

taskkill.exe enables SeDebugPrivilege so that it can terminate processes it does not own, so the taskkill rows are the expected footprint of the kill loop above rather than a separate technique; the explorer.exe rows are the privileges Explorer adjusts on every start.
Suspicious use of FindShellTrayWindow 64 IoCs
Processes:
pid | process | number of events
4720 | explorer.exe | 7
4988 | explorer.exe | 7
4580 | explorer.exe | 6
1156 | explorer.exe | 6
5236 | explorer.exe | 2
5204 | explorer.exe | 6
6376 | explorer.exe | 6
6320 | explorer.exe | 6
7544 | explorer.exe | 6
7328 | explorer.exe | 6
8496 | explorer.exe | 6
Suspicious use of SendNotifyMessage 64 IoCs
Processes:
pid | process | number of events
4720 | explorer.exe | 9
4988 | explorer.exe | 9
4580 | explorer.exe | 9
1156 | explorer.exe | 9
5236 | explorer.exe | 2
5204 | explorer.exe | 9
6376 | explorer.exe | 10
6320 | explorer.exe | 7
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
description | pid | process | target process | number of events
PID 1460 wrote to memory of 768 | 1460 | cmd.exe | taskkill.exe | 2
PID 1460 wrote to memory of 2044 | 1460 | cmd.exe | taskkill.exe | 2
PID 1460 wrote to memory of 8 | 1460 | cmd.exe | cmd.exe | 2
PID 1460 wrote to memory of 3504 | 1460 | cmd.exe | cmd.exe | 2
PID 1460 wrote to memory of 4720 | 1460 | cmd.exe | explorer.exe | 2
PID 3504 wrote to memory of 3544 | 3504 | cmd.exe | taskkill.exe | 2
PID 8 wrote to memory of 4016 | 8 | cmd.exe | taskkill.exe | 2
PID 3504 wrote to memory of 2588 | 3504 | cmd.exe | taskkill.exe | 2
PID 8 wrote to memory of 3100 | 8 | cmd.exe | taskkill.exe | 2
PID 3504 wrote to memory of 2008 | 3504 | cmd.exe | cmd.exe | 2
PID 3504 wrote to memory of 3956 | 3504 | cmd.exe | cmd.exe | 2
PID 3504 wrote to memory of 4988 | 3504 | cmd.exe | explorer.exe | 2
PID 3956 wrote to memory of 1036 | 3956 | cmd.exe | cmd.exe | 2
PID 2008 wrote to memory of 1952 | 2008 | cmd.exe | taskkill.exe | 2
PID 8 wrote to memory of 3908 | 8 | cmd.exe | cmd.exe | 2
PID 8 wrote to memory of 3684 | 8 | cmd.exe | cmd.exe | 2
PID 8 wrote to memory of 4372 | 8 | cmd.exe | explorer.exe | 2
PID 3956 wrote to memory of 3900 | 3956 | cmd.exe | cmd.exe | 2
PID 2008 wrote to memory of 3120 | 2008 | cmd.exe | Conhost.exe | 2
PID 3684 wrote to memory of 3676 | 3684 | cmd.exe | taskkill.exe | 2
PID 3684 wrote to memory of 2880 | 3684 | cmd.exe | taskkill.exe | 2
PID 3908 wrote to memory of 3124 | 3908 | cmd.exe | taskkill.exe | 2
PID 3956 wrote to memory of 4744 | 3956 | cmd.exe | cmd.exe | 2
PID 3956 wrote to memory of 2836 | 3956 | cmd.exe | cmd.exe | 2
PID 3956 wrote to memory of 4580 | 3956 | cmd.exe | explorer.exe | 2
PID 2008 wrote to memory of 3988 | 2008 | cmd.exe | cmd.exe | 2
PID 2008 wrote to memory of 2784 | 2008 | cmd.exe | cmd.exe | 2
PID 2008 wrote to memory of 264 | 2008 | cmd.exe | explorer.exe | 2
PID 3908 wrote to memory of 784 | 3908 | cmd.exe | taskkill.exe | 2
PID 4744 wrote to memory of 1696 | 4744 | cmd.exe | taskkill.exe | 2
PID 2836 wrote to memory of 1172 | 2836 | cmd.exe | taskkill.exe | 2
PID 3988 wrote to memory of 3752 | 3988 | cmd.exe | taskkill.exe | 2
Processes

Each entry is written as: [tree depth] image path | command line | PID, with the behaviour tags reported for that process on the lines beneath it.

[1] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\TrashMalwares-main\NetPakoe.bat" | PID:1460
    - Drops startup file
    - Suspicious use of WriteProcessMemory
  [2] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:768
  [2] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:2044
      - Suspicious use of AdjustPrivilegeToken
  [2] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:8
      - Drops startup file
      - Suspicious use of WriteProcessMemory
    [3] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:4016
    [3] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:3100
        - Suspicious use of AdjustPrivilegeToken
    [3] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:3908
        - Drops startup file
        - Suspicious use of WriteProcessMemory
      [4] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:3124
      [4] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:784
          - Suspicious use of AdjustPrivilegeToken
      [4] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:1900
        [5] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:4496
        [5] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:3780
            - Suspicious use of AdjustPrivilegeToken
        [5] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:5684
          [6] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:2044
              - Kills process with taskkill
          [6] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:5780
              - Kills process with taskkill
          [6] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:2980
              - Drops startup file
            [7] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:6292
                - Kills process with taskkill
            [7] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:7720
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:10596
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:10392
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:10676
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:10908
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:11232
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:1420
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:10984
                [9] C:\Windows\System32\Conhost.exe | \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | PID:7336
                [9] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:3120
                [9] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:8292
                [9] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:4452
                [9] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:4508
                [9] C:\Windows\explorer.exe | explorer | PID:4592
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:11124
                [9] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:3208
                [9] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:14488
                    - Kills process with taskkill
              [8] C:\Windows\explorer.exe | explorer | PID:10796
            [7] C:\Windows\explorer.exe | explorer | PID:4104
          [6] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:7300
              - Drops startup file
            [7] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:768
                - Kills process with taskkill
            [7] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:2844
                - Kills process with taskkill
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:5840
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:11916
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:11032
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:14640
              [8] C:\Windows\explorer.exe | explorer | PID:14696
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:8172
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:12036
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:13600
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:14568
                [9] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:4568
              [8] C:\Windows\explorer.exe | explorer | PID:14600
            [7] C:\Windows\explorer.exe | explorer | PID:10268
          [6] C:\Windows\explorer.exe | explorer | PID:7544
              - Modifies Installed Components in the registry
              - Modifies registry class
              - Suspicious use of FindShellTrayWindow
        [5] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:5708
            - Drops startup file
          [6] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:3832
          [6] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:6072
          [6] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:8128
            [7] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:7780
            [7] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:9180
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:1724
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:5428
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:12808
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:4408
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:11076
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:15216
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:14504
              [8] C:\Windows\explorer.exe | explorer | PID:13080
            [7] C:\Windows\explorer.exe | explorer | PID:6784
          [6] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:7296
            [7] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:7336
            [7] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:7780
                - Kills process with taskkill
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:7844
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:11416
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:7788
                  - Kills process with taskkill
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:13340
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:8756
              [8] C:\Windows\explorer.exe | explorer | PID:13832
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:8060
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:12820
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:12496
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:12492
              [8] C:\Windows\explorer.exe | explorer | PID:6976
            [7] C:\Windows\explorer.exe | explorer | PID:11108
          [6] C:\Windows\explorer.exe | explorer | PID:7164
        [5] C:\Windows\explorer.exe | explorer | PID:5716
      [4] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:1848
          - Drops startup file
        [5] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:3700
            - Kills process with taskkill
        [5] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:3740
            - Suspicious use of AdjustPrivilegeToken
        [5] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:5912
            - Drops startup file
          [6] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:3964
          [6] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:5492
          [6] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:7456
              - Drops startup file
            [7] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:6752
            [7] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:7888
                - Kills process with taskkill
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:10360
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:4248
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:5208
                  - Kills process with taskkill
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:9908
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:14656
                [9] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:14360
                [9] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:6804
              [8] C:\Windows\explorer.exe | explorer | PID:14712
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:10748
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:11224
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:11052
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:13504
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:14468
              [8] C:\Windows\explorer.exe | explorer | PID:14688
            [7] C:\Windows\explorer.exe | explorer | PID:11048
          [6] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:7608
              - Drops startup file
            [7] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:7704
            [7] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:7424
                - Kills process with taskkill
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:10524
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:10796
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:9188
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:3076
              [8] C:\Windows\explorer.exe | explorer | PID:5728
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:10852
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:8820
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:11384
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:15208
            [7] C:\Windows\explorer.exe | explorer | PID:11240
          [6] C:\Windows\explorer.exe | explorer | PID:7636
        [5] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:5932
            - Drops startup file
          [6] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:5184
          [6] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:6180
          [6] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:7896
              - Drops startup file
            [7] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:1908
            [7] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:7636
                - Kills process with taskkill
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:11168
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:11328
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:13224
                  - Kills process with taskkill
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:14576
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:14616
              [8] C:\Windows\explorer.exe | explorer | PID:14624
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:8044
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:2876
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:5876
            [7] C:\Windows\explorer.exe | explorer | PID:9780
          [6] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:8152
            [7] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:7276
            [7] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:8604
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:4344
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:14080
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:10396
              [8] C:\Windows\System32\Conhost.exe | \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | PID:9460
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:10800
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:15248
            [7] C:\Windows\explorer.exe | explorer | PID:9608
          [6] C:\Windows\explorer.exe | explorer | PID:7364
        [5] C:\Windows\explorer.exe | explorer | PID:5960
            - Modifies Installed Components in the registry
            - Modifies registry class
      [4] C:\Windows\explorer.exe | explorer | PID:4284
          - Modifies Installed Components in the registry
          - Modifies registry class
          - Suspicious use of AdjustPrivilegeToken
    [3] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:3684
        - Suspicious use of WriteProcessMemory
      [4] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:3676
      [4] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:2880
          - Suspicious use of AdjustPrivilegeToken
      [4] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:3632
        [5] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:4020
        [5] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:1984
            - Suspicious use of AdjustPrivilegeToken
        [5] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:3840
          [6] C:\Windows\System32\Conhost.exe | \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | PID:3780
          [6] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:5456
          [6] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:5852
              - Suspicious use of AdjustPrivilegeToken
          [6] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:6684
              - Drops startup file
            [7] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:7664
                - Kills process with taskkill
            [7] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:6332
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:8916
                - Drops startup file
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:10328
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:8992
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:11620
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:12932
                [9] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:14176
                [9] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:11612
                [9] C:\Windows\explorer.exe | explorer | PID:7368
              [8] C:\Windows\explorer.exe | explorer | PID:9144
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:9508
                - Drops startup file
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:10572
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:8728
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:12872
                [9] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:11936
                [9] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:6512
            [7] C:\Windows\explorer.exe | explorer | PID:9936
          [6] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:7000
            [7] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:7184
            [7] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:7964
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:7344
                - Drops startup file
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:10424
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:10508
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:12304
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:13064
                [9] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:15208
                [9] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:14260
                    - Kills process with taskkill
                [9] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:14964
                [9] C:\Windows\explorer.exe | explorer | PID:1344
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:9480
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:4268
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:8672
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:1240
                [9] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:5172
                [9] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:10904
              [8] C:\Windows\explorer.exe | explorer | PID:10140
            [7] C:\Windows\explorer.exe | explorer | PID:9916
          [6] C:\Windows\explorer.exe | explorer | PID:1328
        [5] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:5224
            - Drops startup file
          [6] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:5660
          [6] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:6004
              - Kills process with taskkill
          [6] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:6560
              - Drops startup file
            [7] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:7256
            [7] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:8080
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:9448
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:11060
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:8876
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:11932
                [9] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:732
                [9] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:14948
                    - Kills process with taskkill
              [8] C:\Windows\explorer.exe | explorer | PID:4104
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:9872
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:11152
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:8764
            [7] C:\Windows\explorer.exe | explorer | PID:7552
          [6] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:6904
              - Drops startup file
            [7] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:6484
            [7] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:7420
                - Kills process with taskkill
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:8276
                - Drops startup file
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:9444
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:10480
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:12404
                [9] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:15184
                [9] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:10300
                [9] C:\Windows\explorer.exe | explorer | PID:4324
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:13128
                [9] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:15280
                [9] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:5776
                [9] C:\Windows\explorer.exe | explorer | PID:15100
              [8] C:\Windows\explorer.exe | explorer | PID:9868
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:8632
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:7736
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:10936
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:12192
                [9] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:7552
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:12524
                [9] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:11824
                [9] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:6056
                [9] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:5872
                [9] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:12480
                [9] C:\Windows\explorer.exe | explorer | PID:15252
              [8] C:\Windows\explorer.exe | explorer | PID:13236
            [7] C:\Windows\explorer.exe | explorer | PID:9052
          [6] C:\Windows\explorer.exe | explorer | PID:6320
              - Modifies Installed Components in the registry
              - Enumerates connected drives
              - Modifies registry class
              - Suspicious use of FindShellTrayWindow
              - Suspicious use of SendNotifyMessage
        [5] C:\Windows\explorer.exe | explorer | PID:5236
            - Modifies Installed Components in the registry
            - Modifies registry class
            - Suspicious use of AdjustPrivilegeToken
            - Suspicious use of FindShellTrayWindow
            - Suspicious use of SendNotifyMessage
      [4] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:4836
          - Drops startup file
        [5] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:1808
        [5] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:3860
            - Suspicious use of AdjustPrivilegeToken
        [5] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:1300
            - Drops startup file
          [6] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:5448
          [6] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:5836
          [6] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:6796
            [7] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:7560
            [7] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:1664
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:4412
              [8] C:\Windows\System32\Conhost.exe | \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | PID:8732
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:11200
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:9152
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:13772
              [8] C:\Windows\explorer.exe | explorer | PID:13788
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:9636
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:10920
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:10736
            [7] C:\Windows\explorer.exe | explorer | PID:10040
          [6] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:7100
              - Drops startup file
            [7] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:7436
            [7] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:8144
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:8840
                - Drops startup file
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:4908
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:11192
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:11776
                [9] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:13740
                [9] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:12896
                [9] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:10140
                [9] C:\Windows\explorer.exe | explorer | PID:14436
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:7428
              [8] C:\Windows\explorer.exe | explorer | PID:12756
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:8304
                - Drops startup file
              [8] C:\Windows\System32\Conhost.exe | \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | PID:7836
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:10348
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:10964
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:12600
              [8] C:\Windows\explorer.exe | explorer | PID:1340
            [7] C:\Windows\explorer.exe | explorer | PID:9388
          [6] C:\Windows\explorer.exe | explorer | PID:6836
        [5] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:1468
            - Drops startup file
          [6] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:2908
          [6] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:5436
              - Suspicious use of AdjustPrivilegeToken
          [6] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:5476
              - Drops startup file
            [7] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:7128
            [7] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:7400
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:8324
                - Drops startup file
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:9580
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:11028
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:6840
                [9] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:10536
                [9] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:13004
                    - Kills process with taskkill
                [9] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:6528
                [9] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:6772
                [9] C:\Windows\explorer.exe | explorer | PID:7056
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:11904
              [8] C:\Windows\explorer.exe | explorer | PID:11836
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:8700
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:6916
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:11096
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:11460
                [9] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:13588
                    - Kills process with taskkill
                [9] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:15256
                [9] C:\Windows\explorer.exe | explorer | PID:12372
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:12136
              [8] C:\Windows\explorer.exe | explorer | PID:12488
            [7] C:\Windows\explorer.exe | explorer | PID:9128
          [6] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:5928
              - Drops startup file
            [7] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:6456
            [7] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:7888
                - Kills process with taskkill
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:7272
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:8732
                  - Kills process with taskkill
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:9952
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:11088
                [9] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:10620
                [9] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:15176
                    - Kills process with taskkill
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:5424
                [9] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:13212
                [9] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:7284
              [8] C:\Windows\explorer.exe | explorer | PID:9032
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:7172
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:8728
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID:6840
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID:11996
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID:11856
                [9] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID:14124
                [9] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F |
- Kills process with taskkill
PID:13764
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe9⤵PID:13864
-
-
C:\Windows\explorer.exeexplorer9⤵PID:6052
-
-
-
C:\Windows\explorer.exeexplorer8⤵PID:13000
-
-
-
C:\Windows\explorer.exeexplorer7⤵PID:5528
-
-
-
C:\Windows\explorer.exeexplorer6⤵PID:5528
-
-
-
C:\Windows\explorer.exeexplorer5⤵PID:2680
-
-
-
C:\Windows\explorer.exeexplorer4⤵PID:4560
-
-
-
C:\Windows\explorer.exeexplorer3⤵PID:4372
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe2⤵
- Suspicious use of WriteProcessMemory
PID:3504 -
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F3⤵
- Kills process with taskkill
PID:3544
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2588
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat3⤵
- Drops startup file
- Suspicious use of WriteProcessMemory
PID:2008 -
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F4⤵PID:1952
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F4⤵
- Suspicious use of AdjustPrivilegeToken
PID:3120
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat4⤵
- Drops startup file
- Suspicious use of WriteProcessMemory
PID:3988 -
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F5⤵
- Kills process with taskkill
PID:3752
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:680
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat5⤵PID:3796
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F6⤵PID:5592
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F6⤵PID:5904
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat6⤵
- Drops startup file
PID:6412 -
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵PID:7380
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵PID:7224
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat7⤵PID:9772
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV18⤵PID:7124
-
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:10316
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F8⤵PID:9392
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat8⤵PID:1448
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F9⤵
- Kills process with taskkill
PID:15340
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe8⤵PID:13820
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F9⤵
- Kills process with taskkill
PID:12320
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat9⤵PID:3752
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe9⤵PID:4424
-
-
C:\Windows\explorer.exeexplorer9⤵PID:12140
-
-
-
C:\Windows\explorer.exeexplorer8⤵PID:11680
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe7⤵PID:8508
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:7664
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F8⤵PID:4524
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat8⤵PID:13584
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe8⤵PID:14648
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F9⤵PID:13828
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F9⤵PID:12496
-
-
C:\Windows\explorer.exeexplorer9⤵PID:14504
-
-
-
C:\Windows\explorer.exeexplorer8⤵PID:14704
-
-
-
C:\Windows\explorer.exeexplorer7⤵PID:2932
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe6⤵
- Drops startup file
PID:6696 -
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵
- Kills process with taskkill
PID:7392
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵PID:6748
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat7⤵PID:9568
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:10896
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F8⤵
- Kills process with taskkill
PID:8792
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat8⤵PID:13036
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F9⤵PID:5344
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F9⤵PID:11048
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe8⤵PID:10312
-
-
C:\Windows\explorer.exeexplorer8⤵PID:1408
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe7⤵PID:9980
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:10976
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F8⤵PID:9476
-
-
C:\Windows\explorer.exeexplorer8⤵PID:1280
-
-
-
C:\Windows\explorer.exeexplorer7⤵PID:640
-
-
-
C:\Windows\explorer.exeexplorer6⤵PID:6712
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe5⤵PID:4572
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F6⤵PID:5216
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F6⤵
- Suspicious use of AdjustPrivilegeToken
PID:5644
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat6⤵
- Drops startup file
PID:5524 -
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵PID:1664
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵PID:7500
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat7⤵PID:8856
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:10252
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F8⤵PID:10708
-
-
C:\Windows\explorer.exeexplorer8⤵PID:4212
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe7⤵PID:8360
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:10288
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F8⤵PID:4116
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat8⤵PID:11828
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe8⤵PID:11456
-
-
C:\Windows\explorer.exeexplorer8⤵PID:12812
-
-
-
C:\Windows\explorer.exeexplorer7⤵PID:9404
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe6⤵PID:4936
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵PID:7192
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵PID:6260
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat7⤵PID:9380
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:11252
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F8⤵PID:5420
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe8⤵PID:13812
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F9⤵
- Kills process with taskkill
PID:3332
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat9⤵PID:12740
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe9⤵PID:13960
-
-
C:\Windows\explorer.exeexplorer9⤵PID:1440
-
-
-
C:\Windows\explorer.exeexplorer8⤵PID:13828
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe7⤵PID:9856
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:9228
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F8⤵
- Kills process with taskkill
PID:5984
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat8⤵PID:14072
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F9⤵PID:11288
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe8⤵PID:5268
-
-
C:\Windows\explorer.exeexplorer8⤵PID:8608
-
-
-
C:\Windows\explorer.exeexplorer7⤵PID:8108
-
-
-
C:\Windows\explorer.exeexplorer6⤵
- Modifies Installed Components in the registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6376
-
-
-
C:\Windows\explorer.exeexplorer5⤵PID:3148
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe4⤵
- Drops startup file
PID:2784 -
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F5⤵PID:4164
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4052
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat5⤵PID:4980
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F6⤵PID:5128
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:5564
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat6⤵PID:6248
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵PID:7232
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵PID:7344
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat7⤵PID:8144
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:7780
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F8⤵PID:1444
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat8⤵PID:13604
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F9⤵
- Kills process with taskkill
PID:5992
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat9⤵PID:14308
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe8⤵PID:13612
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F9⤵
- Kills process with taskkill
PID:3604
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat9⤵PID:15232
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe9⤵PID:3496
-
-
C:\Windows\explorer.exeexplorer9⤵PID:14936
-
-
-
C:\Windows\explorer.exeexplorer8⤵PID:13620
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe7⤵PID:8596
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:9188
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F8⤵
- Kills process with taskkill
PID:6404
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe8⤵PID:14380
-
-
-
C:\Windows\explorer.exeexplorer7⤵
- Modifies Installed Components in the registry
- Modifies registry class
PID:9316
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe6⤵
- Drops startup file
PID:6532 -
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵
- Kills process with taskkill
PID:7292
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵PID:7988
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat7⤵PID:8284
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:9228
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F8⤵PID:3888
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat8⤵PID:400
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe8⤵PID:8320
-
-
C:\Windows\explorer.exeexplorer8⤵PID:12204
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe7⤵
- Drops startup file
PID:8640 -
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:10316
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F8⤵PID:6916
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat8⤵PID:10708
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F9⤵PID:12756
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat9⤵PID:2732
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe8⤵PID:11520
-
-
C:\Windows\explorer.exeexplorer8⤵PID:12236
-
-
-
C:\Windows\explorer.exeexplorer7⤵PID:9064
-
-
-
C:\Windows\explorer.exeexplorer6⤵PID:6552
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe5⤵PID:2540
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F6⤵PID:5152
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F6⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:5496
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat6⤵
- Drops startup file
PID:5808 -
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵PID:6288
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵PID:7596
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat7⤵
- Drops startup file
PID:6640 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV18⤵PID:3964
-
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:6840
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F8⤵PID:10692
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat8⤵PID:12172
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe8⤵PID:12516
-
-
C:\Windows\explorer.exeexplorer8⤵PID:13248
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe7⤵
- Drops startup file
PID:6748 -
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:10020
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F8⤵PID:11184
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat8⤵PID:11188
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F9⤵PID:12140
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F9⤵PID:15240
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe9⤵PID:1408
-
-
C:\Windows\explorer.exeexplorer9⤵PID:15252
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe8⤵PID:7636
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F9⤵
- Kills process with taskkill
PID:13596
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F9⤵PID:15264
-
-
-
C:\Windows\explorer.exeexplorer8⤵PID:11760
-
-
-
C:\Windows\explorer.exeexplorer7⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Modifies registry class
- Suspicious use of FindShellTrayWindow
PID:8496
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe6⤵PID:1308
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵PID:6292
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵PID:7836
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat7⤵
- Drops startup file
PID:8260 -
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:2344
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F8⤵
- Kills process with taskkill
PID:10448
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat8⤵PID:1588
-
-
C:\Windows\explorer.exeexplorer8⤵PID:14012
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe7⤵PID:8624
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:8576
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F8⤵PID:11088
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat8⤵PID:4908
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV19⤵PID:3120
-
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F9⤵
- Kills process with taskkill
PID:12148
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat9⤵PID:14500
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe9⤵PID:12492
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe8⤵PID:13036
-
-
-
C:\Windows\explorer.exeexplorer7⤵PID:9032
-
-
-
C:\Windows\explorer.exeexplorer6⤵PID:6264
-
-
-
C:\Windows\explorer.exeexplorer5⤵PID:3992
-
-
-
C:\Windows\explorer.exeexplorer4⤵PID:264
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe3⤵
- Suspicious use of WriteProcessMemory
PID:3956 -
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F4⤵
- Kills process with taskkill
PID:1036
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F4⤵
- Suspicious use of AdjustPrivilegeToken
PID:3900
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat4⤵
- Drops startup file
- Suspicious use of WriteProcessMemory
PID:4744 -
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F5⤵PID:1696
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
PID:3856
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat5⤵PID:3820
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F6⤵PID:3832
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F6⤵
- Suspicious use of AdjustPrivilegeToken
PID:5408
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat6⤵
- Drops startup file
PID:5168 -
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵
- Kills process with taskkill
PID:6176
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵PID:7200
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat7⤵PID:6644
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵
- Kills process with taskkill
PID:7476
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F8⤵PID:8572
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat8⤵PID:6456
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F9⤵PID:10624
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F9⤵PID:10884
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat9⤵PID:12264
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F10⤵PID:13048
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe9⤵PID:11548
-
-
C:\Windows\explorer.exeexplorer9⤵PID:11792
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe8⤵PID:7224
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV19⤵PID:8308
-
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F9⤵PID:5124
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F9⤵PID:10296
-
-
-
C:\Windows\explorer.exeexplorer8⤵PID:9708
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe7⤵
- Drops startup file
PID:7496 -
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:7228
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F8⤵PID:7656
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat8⤵PID:7568
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F9⤵PID:12836
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat9⤵PID:4140
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe9⤵PID:7360
-
-
C:\Windows\explorer.exeexplorer9⤵PID:11784
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe8⤵PID:10760
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F9⤵PID:6128
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F9⤵
- Kills process with taskkill
PID:10020
-
-
-
C:\Windows\explorer.exeexplorer8⤵PID:11872
-
-
-
C:\Windows\explorer.exeexplorer7⤵PID:7988
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe6⤵PID:5716
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵PID:6156
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵
- Kills process with taskkill
PID:7248
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat7⤵
- Drops startup file
PID:7824 -
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:9548
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F8⤵PID:9844
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat8⤵PID:12552
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe8⤵PID:12032
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe7⤵
- Drops startup file
PID:6288 -
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:3596
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F8⤵PID:3980
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat8⤵PID:4564
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe8⤵PID:12776
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F9⤵PID:1420
-
-
-
C:\Windows\explorer.exeexplorer8⤵PID:12676
-
-
-
C:\Windows\explorer.exeexplorer7⤵PID:8560
-
-
-
C:\Windows\explorer.exeexplorer6⤵PID:1328
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe5⤵
- Drops startup file
PID:4196 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵PID:4560
-
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F6⤵PID:5296
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F6⤵
- Suspicious use of AdjustPrivilegeToken
PID:5652
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat6⤵
- Drops startup file
PID:4020 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV17⤵PID:5836
-
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵PID:6428
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵PID:7824
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat7⤵
- Drops startup file
PID:7532 -
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:10436
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F8⤵PID:7228
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat8⤵PID:11688
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe8⤵PID:12804
-
-
C:\Windows\explorer.exeexplorer8⤵PID:1740
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe7⤵PID:9488
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:10472
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F8⤵PID:8076
-
-
-
C:\Windows\explorer.exeexplorer7⤵PID:9908
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe6⤵PID:6296
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵
- Kills process with taskkill
PID:7124
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵PID:7976
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat7⤵
- Drops startup file
PID:6636 -
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:10444
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F8⤵PID:10616
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat8⤵PID:11896
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe8⤵PID:12888
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F9⤵PID:12728
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat9⤵PID:10516
-
-
C:\Windows\explorer.exeexplorer9⤵PID:15092
-
-
-
C:\Windows\system32\shutdown.exeshutdown -s -t 608⤵PID:10740
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe7⤵PID:9552
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:10368
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F8⤵PID:4384
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat8⤵PID:12020
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F9⤵
- Kills process with taskkill
PID:2884
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F9⤵
- Kills process with taskkill
PID:15328
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe9⤵PID:15072
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe8⤵PID:7808
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F9⤵PID:13548
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F9⤵
- Kills process with taskkill
PID:14388
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat9⤵PID:13788
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe9⤵PID:4708
-
-
C:\Windows\explorer.exeexplorer9⤵PID:3280
-
-
-
C:\Windows\explorer.exeexplorer8⤵PID:13048
-
-
-
C:\Windows\explorer.exeexplorer7⤵PID:9968
-
-
-
C:\Windows\explorer.exeexplorer6⤵PID:6568
-
-
-
C:\Windows\explorer.exeexplorer5⤵PID:1328
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe4⤵
- Suspicious use of WriteProcessMemory
PID:2836 -
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F5⤵
- Kills process with taskkill
PID:1172
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
PID:3840
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat5⤵
- Drops startup file
PID:2752 -
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F6⤵PID:1356
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F6⤵
- Suspicious use of AdjustPrivilegeToken
PID:5488
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat6⤵
- Drops startup file
PID:5484 -
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵
- Kills process with taskkill
PID:6244
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵PID:7520
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat7⤵
- Drops startup file
PID:8268 -
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:9684
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F8⤵PID:10944
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat8⤵PID:11368
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe8⤵PID:12080
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F9⤵
- Kills process with taskkill
PID:13564
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F9⤵PID:15224
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat9⤵PID:5020
-
-
-
C:\Windows\explorer.exeexplorer8⤵PID:12328
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe7⤵PID:8616
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵
- Kills process with taskkill
PID:10620
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F8⤵
- Kills process with taskkill
PID:9624
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat8⤵PID:12904
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F9⤵PID:15272
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F9⤵PID:6128
-
-
-
-
C:\Windows\explorer.exeexplorer7⤵PID:9040
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe6⤵
- Drops startup file
PID:5404 -
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F7⤵PID:6356
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F7⤵PID:5464
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat7⤵PID:7952
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:9172
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F8⤵PID:5100
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat8⤵PID:1852
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F9⤵PID:12836
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe8⤵PID:10796
-
-
C:\Windows\explorer.exeexplorer8⤵PID:11792
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe7⤵
- Drops startup file
PID:7252 -
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F8⤵PID:9900
-
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F8⤵PID:10416
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe.bat8⤵PID:5556
-
C:\Windows\system32\taskkill.exetaskkill /im explorer.exe /F9⤵
- Kills process with taskkill
PID:12604
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K NetPakoe8⤵PID:7112
-
C:\Windows\system32\taskkill.exetaskkill /im Task Manager.exe /F9⤵PID:12172
-
-
Each entry reads: [tree depth] image path | command line | PID, indented by depth, with the sandbox's behaviour tags listed beneath it.

                [9] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID 10468
                [9] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID 540
              [8] C:\Windows\explorer.exe | explorer | PID 8716
            [7] C:\Windows\explorer.exe | explorer | PID 7528
          [6] C:\Windows\explorer.exe | explorer | PID 5464
        [5] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID 3900
            - Drops startup file
          [6] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID 2452
          [6] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID 5348
              - Suspicious use of AdjustPrivilegeToken
          [6] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID 5140
              - Drops startup file
            [7] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID 6492
            [7] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID 7272
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID 7928
                - Drops startup file
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID 9944
                  - Kills process with taskkill
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID 9460
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID 10576
                [9] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID 13556
                [9] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID 13624
                [9] C:\Windows\explorer.exe | explorer | PID 14940
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID 8788
                [9] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID 12064
                [9] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID 3208
                [9] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID 14180
                [9] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID 1428
                [9] C:\Windows\explorer.exe | explorer | PID 5276
              [8] C:\Windows\explorer.exe | explorer | PID 11784
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID 7600
                - Drops startup file
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID 9772
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID 9948
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID 8868
                [9] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID 13580
                    - Kills process with taskkill
                [9] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID 11052
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID 11564
                [9] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID 13804
                [9] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID 13712
                    - Kills process with taskkill
                [9] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID 6764
                  [10] C:\Windows\System32\Conhost.exe | \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | PID 8576
                [9] C:\Windows\explorer.exe | explorer | PID 644
              [8] C:\Windows\explorer.exe | explorer | PID 12272
            [7] C:\Windows\explorer.exe | explorer | PID 1124
          [6] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID 1356
              - Drops startup file
            [7] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID 7064
            [7] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID 6316
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID 7432
                - Drops startup file
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID 8308
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID 8292
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID 1036
                [9] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID 1656
                [9] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID 13572
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID 1976
                [9] C:\Windows\System32\Conhost.exe | \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | PID 9936
                [9] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID 12204
                    - Kills process with taskkill
                [9] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID 15156
                [9] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID 15260
                  [10] C:\Windows\System32\Conhost.exe | \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | PID 2932
                [9] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID 13092
                [9] C:\Windows\explorer.exe | explorer | PID 5268
              [8] C:\Windows\explorer.exe | explorer | PID 10448
            [7] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID 7936
              [8] C:\Windows\system32\taskkill.exe | taskkill /im Task Manager.exe /F | PID 9924
              [8] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID 9116
                  - Kills process with taskkill
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe.bat | PID 11004
                [9] C:\Windows\system32\taskkill.exe | taskkill /im explorer.exe /F | PID 12760
              [8] C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /K NetPakoe | PID 712
              [8] C:\Windows\explorer.exe | explorer | PID 10772
            [7] C:\Windows\explorer.exe | explorer | PID 7328
                - Modifies Installed Components in the registry
                - Modifies registry class
                - Suspicious use of FindShellTrayWindow
          [6] C:\Windows\explorer.exe | explorer | PID 5204
              - Modifies Installed Components in the registry
              - Modifies registry class
              - Suspicious use of FindShellTrayWindow
              - Suspicious use of SendNotifyMessage
        [5] C:\Windows\explorer.exe | explorer | PID 1156
            - Modifies Installed Components in the registry
            - Modifies registry class
            - Suspicious use of AdjustPrivilegeToken
            - Suspicious use of FindShellTrayWindow
            - Suspicious use of SendNotifyMessage
      [4] C:\Windows\explorer.exe | explorer | PID 4580
          - Modifies Installed Components in the registry
          - Modifies registry class
          - Suspicious use of AdjustPrivilegeToken
          - Suspicious use of FindShellTrayWindow
          - Suspicious use of SendNotifyMessage
    [3] C:\Windows\explorer.exe | explorer | PID 4988
        - Modifies Installed Components in the registry
        - Modifies registry class
        - Suspicious use of AdjustPrivilegeToken
        - Suspicious use of FindShellTrayWindow
        - Suspicious use of SendNotifyMessage
  [2] C:\Windows\explorer.exe | explorer | PID 4720
      - Modifies Installed Components in the registry
      - Enumerates connected drives
      - Modifies registry class
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
[1] C:\Windows\explorer.exe | C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding | PID 13920
[1] C:\Windows\system32\dwm.exe | "dwm.exe" | PID 14060
[1] C:\Windows\system32\werfault.exe | werfault.exe /hc /shared Global\dda93ae4242b4054bd2dd3ce26335145 /t 3008 /p 2252 | PID 15336
[1] C:\Windows\system32\dwm.exe | "dwm.exe" | PID 14388
[1] C:\Windows\system32\LogonUI.exe | "LogonUI.exe" /flags:0x4 /state0:0xa3fad855 /state1:0x41c64e6d | PID 7720
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 635B
MD5:    6c5a9741a170d3ac2e2c89d3e91ea6ea
SHA1:   7034266eefee8c6437d966f5d91ea82e50e10d59
SHA256: 4d1a5d2255194f08a772aef2363514890ecd620dfc49e5b701fc8f2e2388e616
SHA512: 9dcf12e971da1c78d92dd7ff824d50e8487ae61bfb9dcbfea6c38f8ebba22994fde19d825e44f4632aba9e0fc34d75cd87e090b75ed78b51b908128cc22ce29c

MD5:    d41d8cd98f00b204e9800998ecf8427e
SHA1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
(These four values are the well-known digests of a zero-byte input; no filesize is recorded for this entry.)