Overview
overview
10Static
static
10@_136 @828...SM.exe
windows7-x64
7@_136 @828...SM.exe
windows10-2004-x64
7TrashMalwa...in.exe
windows7-x64
8TrashMalwa...in.exe
windows10-2004-x64
8AdStRkJ.exe
windows7-x64
8AdStRkJ.exe
windows10-2004-x64
8Anatralier.exe
windows7-x64
7Anatralier.exe
windows10-2004-x64
7TrashMalwa...er.exe
windows7-x64
3TrashMalwa...er.exe
windows10-2004-x64
8TrashMalwa...nk.exe
windows7-x64
8TrashMalwa...nk.exe
windows10-2004-x64
8TrashMalwa...oN.bat
windows7-x64
8TrashMalwa...oN.bat
windows10-2004-x64
8TrashMalwa...zz.exe
windows7-x64
6TrashMalwa...zz.exe
windows10-2004-x64
6TrashMalwa...de.exe
windows7-x64
7TrashMalwa...de.exe
windows10-2004-x64
7TrashMalwa...20.exe
windows7-x64
4TrashMalwa...20.exe
windows10-2004-x64
7TrashMalwa...ll.exe
windows7-x64
7TrashMalwa...ll.exe
windows10-2004-x64
7TrashMalwa...le.exe
windows7-x64
8TrashMalwa...le.exe
windows10-2004-x64
8TrashMalwa...oe.bat
windows7-x64
8TrashMalwa...oe.bat
windows10-2004-x64
8TrashMalwa....0.exe
windows7-x64
6TrashMalwa....0.exe
windows10-2004-x64
7TrashMalwa....0.exe
windows7-x64
8TrashMalwa....0.exe
windows10-2004-x64
7TrashMalwa....0.exe
windows7-x64
7TrashMalwa....0.exe
windows10-2004-x64
7Analysis
-
max time kernel
149s -
max time network
160s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
02-03-2024 20:26
Behavioral task
behavioral1
Sample
@_136 @828#-138389J-SJFJDSM.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
@_136 @828#-138389J-SJFJDSM.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
TrashMalwares-main/AcidRain.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
TrashMalwares-main/AcidRain.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
AdStRkJ.exe
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
AdStRkJ.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
Anatralier.exe
Resource
win7-20240215-en
Behavioral task
behavioral8
Sample
Anatralier.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
TrashMalwares-main/Antivirus_Installer.exe
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
TrashMalwares-main/Antivirus_Installer.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
TrashMalwares-main/Dro trojan. Virus prank.exe
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
TrashMalwares-main/Dro trojan. Virus prank.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
TrashMalwares-main/FaZoN.bat
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
TrashMalwares-main/FaZoN.bat
Resource
win10v2004-20240226-en
Behavioral task
behavioral15
Sample
TrashMalwares-main/Fizz.exe
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
TrashMalwares-main/Fizz.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral17
Sample
TrashMalwares-main/Ginxide.exe
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
TrashMalwares-main/Ginxide.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
TrashMalwares-main/Install Windows20.exe
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
TrashMalwares-main/Install Windows20.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
TrashMalwares-main/MS-RickRoll.exe
Resource
win7-20240220-en
Behavioral task
behavioral22
Sample
TrashMalwares-main/MS-RickRoll.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral23
Sample
TrashMalwares-main/MercuryXhoffle.exe
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
TrashMalwares-main/MercuryXhoffle.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral25
Sample
TrashMalwares-main/NetPakoe.bat
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
TrashMalwares-main/NetPakoe.bat
Resource
win10v2004-20240226-en
Behavioral task
behavioral27
Sample
TrashMalwares-main/NetPakoe3.0.exe
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
TrashMalwares-main/NetPakoe3.0.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral29
Sample
TrashMalwares-main/NoEscape8.0.exe
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
TrashMalwares-main/NoEscape8.0.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral31
Sample
TrashMalwares-main/PC shaking v4.0.exe
Resource
win7-20240220-en
Behavioral task
behavioral32
Sample
TrashMalwares-main/PC shaking v4.0.exe
Resource
win10v2004-20240226-en
General
-
Target
TrashMalwares-main/AcidRain.exe
-
Size
401KB
-
MD5
ca7d220a719d83aa0dd379dd2c31037a
-
SHA1
88518880ee68f2b108a99449da73ec92b5e3658a
-
SHA256
fa9189d2c7408a9f3bcb0af1be7f00ba71af5014a8bca0986eb11a891fa6c8b5
-
SHA512
eee05cd53f4f5edf6c6929a294284473c39b8193b211a3165333ed65c38ea4e9d5cc6a8e1a1ae2bb38652e83bc7d2ad20fa6d38f8cdbf3a94a7a10fb6358af78
-
SSDEEP
12288:aToPWBv/cpGrU3yy/paSymdM3Gi3AryjBi:aTbBv5rUVRdM2iwejBi
Malware Config
Signatures
-
Disables Task Manager via registry modification
-
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
AcidRain.exeAcid Rain.execmd.exedescription ioc process Key value queried \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation AcidRain.exe Key value queried \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation Acid Rain.exe Key value queried \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation cmd.exe -
Drops startup file 8 IoCs
Processes:
cmd.exeAcidRain.exedescription ioc process File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\n0rt0nant1ldks.vbs cmd.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hifjdnfejfnejnkdpamzm.vbs cmd.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\__tmp_rar_sfx_access_check_240608218 AcidRain.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acid Rain.exe AcidRain.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acid Rain.exe AcidRain.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NyanCatIsHere.exe AcidRain.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NyanCatIsHere.exe AcidRain.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sodnciwkms.vbs cmd.exe -
Executes dropped EXE 2 IoCs
Processes:
NyanCatIsHere.exeAcid Rain.exepid process 4696 NyanCatIsHere.exe 3552 Acid Rain.exe -
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
NyanCatIsHere.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Update = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\NyanCatIsHere.exe" NyanCatIsHere.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes:
NyanCatIsHere.exedescription ioc process File opened for modification \??\PhysicalDrive0 NyanCatIsHere.exe -
Drops file in Windows directory 2 IoCs
Processes:
mspaint.exemspaint.exedescription ioc process File opened for modification C:\Windows\Debug\WIA\wiatrace.log mspaint.exe File opened for modification C:\Windows\Debug\WIA\wiatrace.log mspaint.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Delays execution with timeout.exe 10 IoCs
Processes:
timeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exepid process 2776 timeout.exe 6036 timeout.exe 4336 timeout.exe 2540 timeout.exe 640 timeout.exe 2876 timeout.exe 3492 timeout.exe 5832 timeout.exe 2620 timeout.exe 4404 timeout.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Modifies registry class 1 IoCs
Processes:
cmd.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings cmd.exe -
Modifies registry key 1 TTPs 2 IoCs
-
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemspaint.exemsedge.exemspaint.exepid process 1376 msedge.exe 1376 msedge.exe 2376 msedge.exe 2376 msedge.exe 1636 identity_helper.exe 1636 identity_helper.exe 4024 mspaint.exe 4024 mspaint.exe 5068 msedge.exe 5068 msedge.exe 5068 msedge.exe 5068 msedge.exe 3732 mspaint.exe 3732 mspaint.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs
Processes:
msedge.exepid process 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe 2376 msedge.exe -
Suspicious use of SetWindowsHookEx 8 IoCs
Processes:
mspaint.exemspaint.exepid process 4024 mspaint.exe 4024 mspaint.exe 4024 mspaint.exe 4024 mspaint.exe 3732 mspaint.exe 3732 mspaint.exe 3732 mspaint.exe 3732 mspaint.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
AcidRain.exeNyanCatIsHere.exeAcid Rain.execmd.exemsedge.exedescription pid process target process PID 3936 wrote to memory of 4696 3936 AcidRain.exe NyanCatIsHere.exe PID 3936 wrote to memory of 4696 3936 AcidRain.exe NyanCatIsHere.exe PID 3936 wrote to memory of 4696 3936 AcidRain.exe NyanCatIsHere.exe PID 3936 wrote to memory of 3552 3936 AcidRain.exe Acid Rain.exe PID 3936 wrote to memory of 3552 3936 AcidRain.exe Acid Rain.exe PID 3936 wrote to memory of 3552 3936 AcidRain.exe Acid Rain.exe PID 4696 wrote to memory of 4576 4696 NyanCatIsHere.exe schtasks.exe PID 4696 wrote to memory of 4576 4696 NyanCatIsHere.exe schtasks.exe PID 4696 wrote to memory of 4576 4696 NyanCatIsHere.exe schtasks.exe PID 3552 wrote to memory of 1468 3552 Acid Rain.exe cmd.exe PID 3552 wrote to memory of 1468 3552 Acid Rain.exe cmd.exe PID 3552 wrote to memory of 1468 3552 Acid Rain.exe cmd.exe PID 1468 wrote to memory of 2376 1468 cmd.exe msedge.exe PID 1468 wrote to memory of 2376 1468 cmd.exe msedge.exe PID 1468 wrote to memory of 2736 1468 cmd.exe reg.exe PID 1468 wrote to memory of 2736 1468 cmd.exe reg.exe PID 1468 wrote to memory of 2736 1468 cmd.exe reg.exe PID 2376 wrote to memory of 3016 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 3016 2376 msedge.exe msedge.exe PID 1468 wrote to memory of 2540 1468 cmd.exe timeout.exe PID 1468 wrote to memory of 2540 1468 cmd.exe timeout.exe PID 1468 wrote to memory of 2540 1468 cmd.exe timeout.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1176 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1376 2376 msedge.exe msedge.exe PID 2376 wrote to memory of 1376 2376 msedge.exe msedge.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\TrashMalwares-main\AcidRain.exe"C:\Users\Admin\AppData\Local\Temp\TrashMalwares-main\AcidRain.exe"1⤵
- Checks computer location settings
- Drops startup file
- Suspicious use of WriteProcessMemory
PID:3936 -
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NyanCatIsHere.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NyanCatIsHere.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
- Suspicious use of WriteProcessMemory
PID:4696 -
C:\Windows\SysWOW64\schtasks.exeschtasks.exe /Create /TN "Windows Update" /ru SYSTEM /SC ONSTART /TR "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NyanCatIsHere.exe"3⤵
- Creates scheduled task(s)
PID:4576
-
-
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acid Rain.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acid Rain.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3552 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\65AF.tmp\Acid Rain.bat" "3⤵
- Checks computer location settings
- Drops startup file
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1468 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/enh1BYrI#N5sD3k_HwM4hL3-l-w2Ahb6uP2I-LyVeKgGO-CmfJA04⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2376 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6b1e46f8,0x7ffa6b1e4708,0x7ffa6b1e47185⤵PID:3016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:25⤵PID:1176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:35⤵
- Suspicious behavior: EnumeratesProcesses
PID:1376
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:85⤵PID:1364
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:15⤵PID:4016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:15⤵PID:4648
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:85⤵PID:1472
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
PID:1636
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:15⤵PID:876
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:15⤵PID:2240
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:15⤵PID:1168
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:15⤵PID:1640
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:15⤵PID:1092
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:15⤵PID:3696
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:15⤵PID:5112
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:15⤵PID:3088
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:15⤵PID:4328
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6312 /prefetch:25⤵
- Suspicious behavior: EnumeratesProcesses
PID:5068
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:15⤵PID:3888
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:15⤵PID:1016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:15⤵PID:376
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:15⤵PID:4356
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:15⤵PID:5232
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:15⤵PID:5276
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:15⤵PID:5804
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:15⤵PID:5912
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2136 /prefetch:15⤵PID:6092
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7340 /prefetch:15⤵PID:3068
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7600 /prefetch:15⤵PID:1820
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7664 /prefetch:15⤵PID:4048
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:15⤵PID:5824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:15⤵PID:5032
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7824 /prefetch:15⤵PID:5984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1404 /prefetch:15⤵PID:5716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13616467798609234517,10062836273621695748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7852 /prefetch:15⤵PID:5808
-
-
-
C:\Windows\SysWOW64\reg.exeREG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f4⤵
- Modifies registry key
PID:2736
-
-
C:\Windows\SysWOW64\timeout.exeTimeout 14⤵
- Delays execution with timeout.exe
PID:2540
-
-
C:\Windows\SysWOW64\net.exenet user Admin 888Z.QrK2T!ZDshw5jZ.QrK2T!ZDshw5jRR4⤵PID:2800
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 user Admin 888Z.QrK2T!ZDshw5jZ.QrK2T!ZDshw5jRR5⤵PID:4372
-
-
-
C:\Windows\SysWOW64\timeout.exeTimeout 14⤵
- Delays execution with timeout.exe
PID:2620
-
-
C:\Windows\SysWOW64\net.exenet stop wuauserv4⤵PID:2712
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop wuauserv5⤵PID:3004
-
-
-
C:\Windows\SysWOW64\timeout.exeTimeout 14⤵
- Delays execution with timeout.exe
PID:4404
-
-
C:\Windows\SysWOW64\reg.exeREG add HKCU\Software\Policies\Microsoft\Windows\System /f /v DisableCMD /t REG_DWORD /d 000000024⤵
- Modifies registry key
PID:2020
-
-
C:\Windows\SysWOW64\timeout.exeTimeout 504⤵
- Delays execution with timeout.exe
PID:2876
-
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sodnciwkms.vbs"4⤵PID:3444
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/ZXMSRSgb#CZCknCulyrMI41JcV-HN4mth37dIfpkEw6156NbD4104⤵PID:2188
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6b1e46f8,0x7ffa6b1e4708,0x7ffa6b1e47185⤵PID:2104
-
-
-
C:\Windows\SysWOW64\timeout.exeTimeout 654⤵
- Delays execution with timeout.exe
PID:640
-
-
C:\Windows\SysWOW64\mspaint.exemspaint4⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4024
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=how+to+make+your+own+virus4⤵PID:4484
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6b1e46f8,0x7ffa6b1e4708,0x7ffa6b1e47185⤵PID:2840
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=how+to+speed+up+your+computer4⤵PID:1892
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffa6b1e46f8,0x7ffa6b1e4708,0x7ffa6b1e47185⤵PID:4536
-
-
-
C:\Windows\SysWOW64\timeout.exeTimeout 54⤵
- Delays execution with timeout.exe
PID:3492
-
-
C:\Windows\SysWOW64\mspaint.exemspaint4⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3732
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=FBI+OPEN+UP4⤵PID:3328
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6b1e46f8,0x7ffa6b1e4708,0x7ffa6b1e47185⤵PID:4312
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=mcafee+vs+avast4⤵PID:1864
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6b1e46f8,0x7ffa6b1e4708,0x7ffa6b1e47185⤵PID:3952
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=smudge+the+cat4⤵PID:344
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6b1e46f8,0x7ffa6b1e4708,0x7ffa6b1e47185⤵PID:1908
-
-
-
C:\Windows\SysWOW64\timeout.exeTimeout 54⤵
- Delays execution with timeout.exe
PID:2776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=how+to+make+your+own+rickroll4⤵PID:5656
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6b1e46f8,0x7ffa6b1e4708,0x7ffa6b1e47185⤵PID:5704
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.thisworldthesedays.com/how-to-remove-acid-rainexe-step-by-step-guide.html4⤵PID:5812
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6b1e46f8,0x7ffa6b1e4708,0x7ffa6b1e47185⤵PID:5836
-
-
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\n0rt0nant1ldks.vbs"4⤵PID:5888
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=is+safe+deleting+system32F4⤵PID:6012
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6b1e46f8,0x7ffa6b1e4708,0x7ffa6b1e47185⤵PID:6024
-
-
-
C:\Windows\SysWOW64\timeout.exeTimeout 54⤵
- Delays execution with timeout.exe
PID:6036
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1TMp5UbzwcHprY7PhC9g58KsCN9EZVdBV/view4⤵PID:5620
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6b1e46f8,0x7ffa6b1e4708,0x7ffa6b1e47185⤵PID:3680
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=how+to+make+a+ransomware+in+batch4⤵PID:6112
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xc4,0x108,0x7ffa6b1e46f8,0x7ffa6b1e4708,0x7ffa6b1e47185⤵PID:5212
-
-
-
C:\Windows\SysWOW64\timeout.exeTimeout 54⤵
- Delays execution with timeout.exe
PID:5832
-
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hifjdnfejfnejnkdpamzm.vbs"4⤵PID:5616
-
-
C:\Windows\SysWOW64\timeout.exeTimeout 554⤵
- Delays execution with timeout.exe
PID:4336
-
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4256
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3472
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService1⤵PID:5064
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5279e783b0129b64a8529800a88fbf1ee
SHA1204c62ec8cef8467e5729cad52adae293178744f
SHA2563619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932
SHA51232730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b
-
Filesize
152B
MD5cbec32729772aa6c576e97df4fef48f5
SHA16ec173d5313f27ba1e46ad66c7bbe7c0a9767dba
SHA256d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e
SHA512425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0
-
Filesize
195KB
MD589d79dbf26a3c2e22ddd95766fe3173d
SHA1f38fd066eef4cf4e72a934548eafb5f6abb00b53
SHA256367ef9ec8dc07f84fed51cac5c75dc1ac87688bbf8f5da8e17655e7917bd7b69
SHA512ab7ce168e6f59e2250b82ec62857c2f2b08e5a548de85ac82177ac550729287ead40382a7c8a92fbce7f53b106d199b1c8adbb770e47287fc70ea0ea858faba6
-
Filesize
24KB
MD5b82ca47ee5d42100e589bdd94e57936e
SHA10dad0cd7d0472248b9b409b02122d13bab513b4c
SHA256d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d
SHA51258840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383
-
Filesize
316KB
MD55eb1bdcbeaba836098d9fcefd6db3a44
SHA12456dc82f1430c67bfc18108895b813bf26f9c23
SHA25610db08ab3328fb1eb667ac2515e5ba83df2b1a5f354c65630486f457bf7fa0bb
SHA51237872d12c88dcbc6de0bd80718ce4c9f269a8a0df403b9122be3996b5657866dff788d2304492a0d0364aba3c4a1452d329f91285fcf481206cf3e57c3cb610b
-
Filesize
289B
MD5c3212ff3c41836e6bbfd0d8e9debb873
SHA10595fae4d208e4b7d75a4306e790ecaf47d5d102
SHA2568d06c661fc0790f3a1859aa79841b67a4820a0a8ceeddedfaaf2223df719c366
SHA512b19ac577e0fccb64f1e488258fe9d34b02d56032520738bb416786ef725b0f91e021801b1c376198162b40966adbf935dc7927287e8d6a4459fb5d7761417163
-
Filesize
18KB
MD5f8f9b521062b05c5ba5c12fb8093faff
SHA1df35c4034a5c66731d2d1c810cec5b53f96715f9
SHA2565c204b132f4d304f11c1aa188c117599b23fd1148b91593cd73b14feb8062649
SHA5124dc91c3391b796c1e179b8efb805d23ce7cc97535571e172e2884c5ead09e126a7339ff3286cc6bb861d0c06c24fe69b7283f180e1b8f23c59ed3fe4a872a0fb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize72B
MD5a6a9b8960d263071187d182b7974d2ab
SHA174933ed0423d22f42dd99b1a343d808a31dac42a
SHA2567c883e29bb97925b471301d89d2e582900a414eba4745e87a5ce68884076b543
SHA51286dda7116f94f15d3d6cb4fab57fde6217b4cb1adf9e080b690d37e3d349dae1c18fbb21f048f34b0ad10c2dfd569a56479c0370f8de032f3288ef4e00f32f92
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize72B
MD511fbcaf5e7074e9c4cb81aade5474d75
SHA1259dac025231921c51a44ffd32b88d89c3ee81cf
SHA256f77d79c32614bd435c3d05a79e50ba739f2ec6e537f1a017ffec135e91dd5393
SHA512e46e316cb99463924ecf98aab56f73f7fcb17142bc3f4c16c7650ef7b6c72ffadb0b2f364d672f64cbf84f2b7119a983fb111284662a7f12370164b5f32bc332
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001
Filesize23B
MD53fd11ff447c1ee23538dc4d9724427a3
SHA11335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA51210a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824
-
Filesize
188B
MD5008114e1a1a614b35e8a7515da0f3783
SHA13c390d38126c7328a8d7e4a72d5848ac9f96549b
SHA2567301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18
SHA512a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b
-
Filesize
6KB
MD5a019fd20637ad54654c6ca1d473b5341
SHA146722480f198100e406af7590f49364afaa15f95
SHA2567fd954025d5fc43d5205881a42d56f2fa51590701d03cf0785dec9124ff2f300
SHA5128d24bf277e62d4501684ad14f015cc0519691532a09d8b4ad40adc3d161ac48c8635cbafe7f84c438839442553931dd293ec167ffc0472c4ae19daa242bb11f0
-
Filesize
8KB
MD56fe5790011b495415b85a0a72a39d050
SHA1c22f4d04ff97aeb7c5edb6687e7d865de15b0da1
SHA256d885ab6e3a297bab898b4193aac36565728963d0291ccd5aab140077f2b07989
SHA512fb6171411ac300166280b221c06f7d50b3d0f2f8b740fa893755da23081c3d8bf73758e07788f6df0147eac628a9d233a720224b8596e53b126700bbb4a504a8
-
Filesize
6KB
MD57524a4c0a73f79a31dbccbc12f0396b4
SHA1b246a7c4ddf5750bb9cc3cba4f02745d44ea8fe5
SHA2562053c4258660c8f0cfe828b30ae253e090e05a6ee5a35bd6d3b02849424abb7d
SHA51262a32bbf930d186dfee3d9fef65f57fbdd849c0546c8c43dc403ab7a3de5416d3fce62582262f2d7f04a55da0630284a4039e0ceff514c4cfca57f7442922062
-
Filesize
6KB
MD5496f8a78c46b3f33fcbc75b6fe25a37f
SHA17e99c9735cb294098831e022a9db3fe5b50c47d6
SHA256a250cfa45985eb088ae73fd0c4b4117e217ccef32dc8a19eae36e9f35c7ab4f2
SHA512c00c9de6e22ed70d599776f86ac0a7894ae3fd26328d84ed6491956b3e14872e17ff4d8782585873c7a0dee36adc6f4a3e7b0cd23fa028354daf74f1693c19f3
-
Filesize
7KB
MD55170db8681ca4a8146c51ae39efb5773
SHA13e215439a68a3f461ab5d41b4a48df37a0e5d369
SHA256e15b65f83b8440971213275e78310ca87a6f828156930f6dad1b5ff929d082c4
SHA5122ceab3c391dba26bb62eabeb08f3cf81b20d5f2933774c6a1d33aec2c1ca9f3edf1e2df4c1f79d6bd1320eb20786c973b58049f58dc57acc263ba6c0fccf26f9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
Filesize41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize72B
MD50db16858f98587ce21433f84613c6924
SHA12798dd5fae3ec06df3913ee8b7d3d4162fc81983
SHA256f5dde6dd712f90552a73f62528c6d7d9aab76f503220f6fe6b375dafec0f4584
SHA512a76dadf75650f2e7e6484ce8752fab533f93bb14d0b890767c5242b70d387f47d48df91eda7b386a2c0871fa5fcbc5008314892d8a34c741b6f5704b1d981e55
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c1e8.TMP
Filesize48B
MD5632fca4dc6dfcfc0d06a5c3239b90a31
SHA1d6b230019dbc261aecd5719ff2a73508b4896c51
SHA2565ba25536ad7908be97c4a45cf61123c258aa571e26a8282120086382bf289b43
SHA51277be98d322b8cfcac2e1239b3f72580ef6da171c68212df6b56cff165320aa73fd5088a4fcf984a74fdeee5cf3f724fd4b7da66584467351f469107f651b26fe
-
Filesize
369B
MD5497b8c38d8c85120ef5f21eece038e6e
SHA16b2642996f6565c9b65827abcdf19983b86e9bc2
SHA25623d25c83f6cdbc656b7a36a250b8cbbc45ebf4d2ca7319bbffb879a26732a9d5
SHA51268b7b140f7ac2c5854e827cbb32fcb9c8b9f3c3112cce8c43c2e34d4db9946036b8ad63b912a9a7b0920eede93d60670a348123c6a527751e9080a0221aa3135
-
Filesize
201B
MD551c98286c79d7027f088e9ad3e28c302
SHA119690c6a99c1745b150ef7f91b82599a61282b83
SHA2562b57457ac063a6b0e5f37d8d2eb196442df19b4fbfb2f83f2fbbde313fc5f02e
SHA512918f352401e85156e964e83ad0ea8f3cd440743ec0f311b4506de6133f10f8bb5bf56404a38f7ae3c5674c2474046276c2084eb3aa8f2cd12a1ed716008c79c9
-
Filesize
1KB
MD589512132143859dbccabcdec0e45a649
SHA18c039a9564ecada086f7f6713c85ee551fd3d252
SHA256c90aa193d853c412d24c0eb4389c591612fcb69345e47193658ecb08c639be56
SHA512611fec23d3a1b5d2793b41419934855e7d0bebe8b2c74dffabb6cab70e411e551809ee06bec04a3a3b86ad0b96579cf471b12403b39902746cf87c54a0c93867
-
Filesize
201B
MD5b1528b160e2d190b0ea5bbee2a5cf736
SHA19ca9a9c6eb18e6ab492a4c6ee906fb8afd085815
SHA2565d429911d4c740580df48ef969585e2df061c72cf23bda9f1bb95869f2fe865a
SHA512457e3fc5c4b9aa7847969e362dce83017a6cee3a165a01492b72965eb951cf89952a182db79c0fced5b7df86145473c4936fc23ef5f7fb14f3b8f22f76fcc827
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5361f52ce5a7922454368c1893b1bad73
SHA19c5525b8fa5c2e6e1d16c0cd1eed35f6f4b18391
SHA256cd03b3a8783f7028cf8c6f4f1474db97628789aefe9c408535d0348d9535bc03
SHA51200002c85ae14355838e111ce438748aed1a10ae6c56e62d28af1ca0aced9056e1cd97e191078e6d634cd60ec5ef4837bfb578616a5d3a921cb99fe895b4d6df6
-
Filesize
6KB
MD516a6fe0a61c21d85803c2b8383d5d3c2
SHA1fec9adfac8c278c3dc548989a97c574ccdcb0934
SHA2561942dd34f70465202360d5f299e7160cea4d108ac4305a94dbabd9b97f4b7bd0
SHA5126dd03c5c69caf470584153e5e91ae074868e3002dcc76a07e1782c8d23fa8f309c09b0a50b787606be958f051ef0fdb67d24d0c91eee261549d6d60b857ce061
-
Filesize
80KB
MD5b3904e987387ac3ff87b2d16e3e28156
SHA1d575167f14fc84625b1525e8a0dfa27c514b1357
SHA256143bb189902ec44987f475f6fce4c0f90c072e5d732dae58b5f79a3c31b5f584
SHA512a105063b598555d2b4c1a3950a7ac120ffc72ad362e6c76a364b48ff8c32e8daea48ef362b22aa62d848af1c20d3ef7c6536e717e874c6fad329ec0c22e9268f
-
Filesize
101KB
MD5aacce8318a2e5f0a43c8cd50907d6d29
SHA1fd5da11bbbcdb2421186626f461cb48fc634760c
SHA2567217260d8d9c6b0b6c8b797f64c516d8ebe4db48dc8a5fced46eab9082378724
SHA5128991368b7e5391b37c4584eedddfbb4041ddc554acad9742b390aad7b5b4791c106d1068b7c9c29cda9e14bd62e5c36894318246c247576162c54f30076190b5
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hifjdnfejfnejnkdpamzm.vbs
Filesize60B
MD570b06bab45636ed2ce89ffa1a56a2eda
SHA1781043fb2a866fc38233be0b8beccd7fbeb0513d
SHA256a9644355bc115a7a8fce8603643254f8061cce0e1af9db037b2bda9ca62f4fff
SHA512a8a3d984b253e83c6ab4c4ad9b6ba773f69166204649be63d6850136523861e42132411d1fce3a83c4408f8051413101f5835136cecfad2b8022cc3489f004aa
-
Filesize
113B
MD5076eec2d750fb2a85461d8b227b96124
SHA1d1a6638bc96e6e3adf0ca3e3cb4c846f77e365d8
SHA256a596e5753416572e877fe630002dc42afdbfa9ca80473e1385017b37e082a1a4
SHA5125c6ff87335577061483cbf79333728085f198a4ee56fabab7d2fc401cbe8b146ee5ad174a6c1f5ba02095b186bb0f3729a5927b7fda4feeb6f5ae7411fa70ab5
-
Filesize
84B
MD5139b5edf5ba8a4aa768281a29cac1649
SHA1da8a2d689695a749288f161032e1f042122e89d5
SHA2561dd686325c7471a59a43142c6d7dec01047b3e95147254b235fbc3652f923a7c
SHA512ebf47fe1de3dca337a891330e7a97fbcf6c899a212be1c07f666d8d1179f116a70b4fcc66accfff3e3942ec83c79170882c8d48019feee0a02ffb57f66e61af8
-
Filesize
1KB
MD59a0107076a89380e86d25b2f4c9d6e1e
SHA122975ec91a77e0333bdd7ab34f747ed070c10d8b
SHA256e98514fac8ec2c526c34912f1e7d15c29b44c72b7a3f9d6a5cf4eb499a71c07c
SHA5120a6b1b51b282449af7506459bc751eac8da9201d6668f6ae3ae28324f2f5b3ad9e5ea98937f5076920fe0c0877b40bdc52b1a2ee69937310ab9f0326f4aec8a9
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e