Overview: 10
Static: 10

Sample | Platform | Score
Venom-Rat-...0.html | windows7-x64 | 1
Venom-Rat-...0.html | windows10-2004-x64 | 1
Venom-Rat-...0.html | windows7-x64 | 1
Venom-Rat-...0.html | windows10-2004-x64 | 1
Venom-Rat-...il.dll | windows7-x64 | 1
Venom-Rat-...il.dll | windows10-2004-x64 | 1
Venom-Rat-...at.dll | windows7-x64 | 1
Venom-Rat-...at.dll | windows10-2004-x64 | 1
Venom-Rat-...me.dll | windows7-x64 | 1
Venom-Rat-...me.dll | windows10-2004-x64 | 1
Venom-Rat-...ed.exe | windows7-x64 | 8
Venom-Rat-...ed.exe | windows10-2004-x64 | 8
Majid Z Hacker.exe | windows7-x64 | 8
Majid Z Hacker.exe | windows10-2004-x64 | 8
Majid Z Hacker.exe | windows7-x64 | 10
Majid Z Hacker.exe | windows10-2004-x64 | 10
Windows Program.exe | windows7-x64 | 7
Windows Program.exe | windows10-2004-x64 | 7
script.vbs | windows7-x64 | 10
script.vbs | windows10-2004-x64 | 10
windows registry.exe | windows7-x64 | 10
windows registry.exe | windows10-2004-x64 | 10
firewall.exe | windows7-x64 | 8
firewall.exe | windows10-2004-x64 |
Venom Cracked.exe | windows7-x64 | 1
Venom Cracked.exe | windows10-2004-x64 | 1
Venom-Rat-...er.exe | windows7-x64 | 1
Venom-Rat-...er.exe | windows10-2004-x64 | 1
Venom-Rat-...ed.exe | windows7-x64 | 10
Venom-Rat-...ed.exe | windows10-2004-x64 | 10
Majid Z Ha...te.exe | windows7-x64 | 10
Majid Z Ha...te.exe | windows10-2004-x64 | 10

Analysis
max time kernel: 150s
max time network: 154s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system
submitted: 31-05-2024 12:30

Behavioral task | Sample | Resource
behavioral1 | Venom-Rat-Cracked--main/Clients/Morpheus@DESKTOP-ALON1A1_367DDFD/Logs/10-31-2020.html | win7-20240221-en
behavioral2 | Venom-Rat-Cracked--main/Clients/Morpheus@DESKTOP-ALON1A1_367DDFD/Logs/10-31-2020.html | win10v2004-20240508-en
behavioral3 | Venom-Rat-Cracked--main/Clients/Sam@DESKTOP-1HP3JNB_440CF1F/Logs/05-17-2020.html | win7-20240221-en
behavioral4 | Venom-Rat-Cracked--main/Clients/Sam@DESKTOP-1HP3JNB_440CF1F/Logs/05-17-2020.html | win10v2004-20240508-en
behavioral5 | Venom-Rat-Cracked--main/Mono.Cecil.dll | win7-20240221-en
behavioral6 | Venom-Rat-Cracked--main/Mono.Cecil.dll | win10v2004-20240426-en
behavioral7 | Venom-Rat-Cracked--main/Mono.Nat.dll | win7-20240221-en
behavioral8 | Venom-Rat-Cracked--main/Mono.Nat.dll | win10v2004-20240508-en
behavioral9 | Venom-Rat-Cracked--main/VelyseTheme.dll | win7-20231129-en
behavioral10 | Venom-Rat-Cracked--main/VelyseTheme.dll | win10v2004-20240508-en
behavioral11 | Venom-Rat-Cracked--main/Venom Activated Cracked.exe | win7-20240215-en
behavioral12 | Venom-Rat-Cracked--main/Venom Activated Cracked.exe | win10v2004-20240508-en
behavioral13 | Majid Z Hacker.exe | win7-20240220-en
behavioral14 | Majid Z Hacker.exe | win10v2004-20240508-en
behavioral15 | Majid Z Hacker.exe | win7-20240508-en
behavioral16 | Majid Z Hacker.exe | win10v2004-20240508-en
behavioral17 | Windows Program.exe | win7-20240221-en
behavioral18 | Windows Program.exe | win10v2004-20240426-en
behavioral19 | script.vbs | win7-20240508-en
behavioral20 | script.vbs | win10v2004-20240426-en
behavioral21 | windows registry.exe | win7-20240508-en
behavioral22 | windows registry.exe | win10v2004-20240508-en
behavioral23 | firewall.exe | win7-20240419-en
behavioral24 | firewall.exe | win10v2004-20240426-en
behavioral25 | Venom Cracked.exe | win7-20240221-en
behavioral26 | Venom Cracked.exe | win10v2004-20240426-en
behavioral27 | Venom-Rat-Cracked--main/Venom Binder.exe | win7-20240221-en
behavioral28 | Venom-Rat-Cracked--main/Venom Binder.exe | win10v2004-20240508-en
behavioral29 | Venom-Rat-Cracked--main/Venom Software RAT Activated Cracked.exe | win7-20240221-en
behavioral30 | Venom-Rat-Cracked--main/Venom Software RAT Activated Cracked.exe | win10v2004-20240426-en
behavioral31 | Majid Z Hacker Website.exe | win7-20240508-en
behavioral32 | Majid Z Hacker Website.exe | win10v2004-20240508-en

General
Target: Venom-Rat-Cracked--main/Venom Activated Cracked.exe
Size: 10.1MB
MD5: 4dabfeed4b250a3248714458ae370ca8
SHA1: 6e215b2a20039a4dbde18579a1419a4eb10946ac
SHA256: eb23cbc820d2b8fdc0227b2e89274edf2671163cae40e0a9bb930b91c05ac3a9
SHA512: 7ea826cf27da942ce2e9db4a800b3c247670a8fc260af8686d14c48583f38f14b935d5af282a3774a9811f0957ca7318dc883307254554e907f7cfb5f6419a4c
SSDEEP: 196608:m6+0f/ylacMb5mCbClb12UK4RDx5gRIAL1xXPm68DwOHRR+kc4N4FmDdgW7NaREE:m0f/KacMbR2J2UKEdiRIAL1xXPCwkEn7

Malware Config
Signatures
Modifies Windows Firewall 2 TTPs 64 IoCs
Drops startup file 2 IoCs
Processes: firewall.exe
description | ioc | process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | firewall.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | firewall.exe
Executes dropped EXE 64 IoCs
Loads dropped DLL 64 IoCs
Adds Run key to start application 2 TTPs 64 IoCs
Processes: firewall.exe
description | ioc | process
Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Run\34d91dfb34a7283483d0aaba9d10147d = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Microsoft\\svchost.exe" | firewall.exe
Drops autorun.inf file 1 TTPs 64 IoCs
Malware can abuse Windows Autorun to spread further via attached volumes.
Processes: firewall.exe
description | ioc | process
File created | C:\Users\Admin\Documents\My Music\autorun.inf | firewall.exe
File opened for modification | C:\Users\Admin\Documents\My Music\autorun.inf | firewall.exe
File created | C:\Users\Admin\Documents\My Videos\autorun.inf | firewall.exe
File opened for modification | C:\Users\Admin\Documents\My Videos\autorun.inf | firewall.exe
File created | C:\Users\Admin\Documents\My Pictures\autorun.inf | firewall.exe
File opened for modification | C:\Users\Admin\Documents\My Pictures\autorun.inf | firewall.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
NSIS installer 2 IoCs
Processes:
resource yara_rule
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe nsis_installer_1
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe nsis_installer_2
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
firewall.exe
pid process
1592 firewall.exe
2064 firewall.exe
-
Suspicious behavior: GetForegroundWindowSpam 16 IoCs
Processes:
dw20.exe
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
firewall.exe
Token: SeDebugPrivilege
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
Venom Activated Cracked.exe
Majid Z Hacker.exe
-
Processes
-
C:\Users\Admin\AppData\Local\Temp\Venom-Rat-Cracked--main\Venom Activated Cracked.exe "C:\Users\Admin\AppData\Local\Temp\Venom-Rat-Cracked--main\Venom Activated Cracked.exe" 1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Venom Cracked.exe "C:\Users\Admin\AppData\Local\Temp\Venom Cracked.exe" 2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe" 2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe" 3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe" 4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe" 5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe" 6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe" 7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe" 8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe" 9⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe" 10⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe" 11⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe" 12⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe" 13⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe" 14⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe" 15⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe" 16⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe" 17⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe" 18⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe" 19⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe" 20⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe" 21⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe" 22⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe" 23⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe" 24⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe" 25⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe" 26⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe" 27⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe" 28⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe" 29⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe" 30⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe" 31⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe" 32⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe "C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe" 33⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"195⤵
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"196⤵
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"197⤵
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"198⤵
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"199⤵
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"200⤵
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"201⤵
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"202⤵
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"203⤵
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"204⤵
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"205⤵
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"206⤵
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"207⤵
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"208⤵
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"209⤵
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"210⤵
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe"211⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"211⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"210⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable211⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"209⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable210⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"208⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable209⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"207⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable208⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"206⤵
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable207⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"205⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable206⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"204⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable205⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"203⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable204⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"202⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable203⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"201⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable202⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"200⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable201⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"199⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable200⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"198⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable199⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"197⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable198⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"196⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable197⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"195⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable196⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"194⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable195⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"193⤵
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable194⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"192⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable193⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"191⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable192⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"190⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable191⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"189⤵
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable190⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"188⤵
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable189⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"187⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable188⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"186⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable187⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"185⤵
- Adds Run key to start application
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable186⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"184⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable185⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"183⤵
- Adds Run key to start application
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable184⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"182⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable183⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"181⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable182⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"180⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable181⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"179⤵
- Adds Run key to start application
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable180⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"178⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable179⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"177⤵
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable178⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"176⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable177⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"175⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable176⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"174⤵
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable175⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"173⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable174⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"172⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable173⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"171⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable172⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"170⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable171⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"169⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable170⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"168⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable169⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"167⤵
- Adds Run key to start application
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable168⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"166⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable167⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"165⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable166⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"164⤵
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable165⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"163⤵
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable164⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"162⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable163⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"161⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable162⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"160⤵
- Adds Run key to start application
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable161⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"159⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable160⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"158⤵
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable159⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"157⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable158⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"156⤵
- Adds Run key to start application
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable157⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"155⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable156⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"154⤵
- Adds Run key to start application
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable155⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"153⤵
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable154⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"152⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable153⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"151⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable152⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"150⤵
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable151⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"149⤵
- Adds Run key to start application
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable150⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"148⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable149⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"147⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable148⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"146⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable147⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"145⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable146⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"144⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable145⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"143⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable144⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"142⤵
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable143⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"141⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable142⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"140⤵
- Adds Run key to start application
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable141⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"139⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable140⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"138⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable139⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"137⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable138⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"136⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable137⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"135⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable136⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"134⤵
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable135⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"133⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable134⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"132⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable133⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"131⤵
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable132⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"130⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable131⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"129⤵
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable130⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"128⤵
- Adds Run key to start application
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable129⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"127⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable128⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"126⤵
- Adds Run key to start application
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable127⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"125⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable126⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"124⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable125⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"123⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable124⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"122⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable123⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"121⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable122⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"120⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable121⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"119⤵
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable120⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"118⤵
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable119⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"117⤵
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable118⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"116⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable117⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"115⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable116⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"114⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable115⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"113⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable114⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"112⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable113⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"111⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable112⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"110⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable111⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"109⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable110⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"108⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable109⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"107⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable108⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"106⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable107⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"105⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable106⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"104⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable105⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"103⤵
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable104⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"102⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable103⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"101⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable102⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"100⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable101⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"99⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable100⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"98⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable99⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"97⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable98⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"96⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable97⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"95⤵
- Adds Run key to start application
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable96⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"94⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable95⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"93⤵
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable94⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"92⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable93⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"91⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable92⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"90⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable91⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"89⤵
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable90⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"88⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable89⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"87⤵
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable88⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"86⤵
- Adds Run key to start application
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable87⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"85⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable86⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"84⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable85⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"83⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable84⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"82⤵
- Adds Run key to start application
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable83⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"81⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable82⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"80⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable81⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"79⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable80⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"78⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable79⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"77⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable78⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"76⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable77⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"75⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable76⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"74⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable75⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"73⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable74⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"72⤵
- Adds Run key to start application
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable73⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"71⤵
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable72⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"70⤵
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable71⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"69⤵
- Drops autorun.inf file
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable70⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"68⤵
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable69⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"67⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable68⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"66⤵
- Drops autorun.inf file
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable67⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"65⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable66⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"64⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable65⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"63⤵
- Adds Run key to start application
- Drops autorun.inf file
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable64⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"62⤵
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable63⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"61⤵
- Drops autorun.inf file
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable62⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"60⤵
- Drops autorun.inf file
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable61⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"59⤵
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable60⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"58⤵
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable59⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"57⤵
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable58⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"56⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable57⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"55⤵
- Drops autorun.inf file
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable56⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"54⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable55⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"53⤵
- Drops autorun.inf file
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable54⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"52⤵
- Drops autorun.inf file
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable53⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"51⤵
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable52⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"50⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable51⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"49⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable50⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"48⤵
- Drops autorun.inf file
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable49⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"47⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable48⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"46⤵
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable47⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"45⤵
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable46⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"44⤵
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable45⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"43⤵
- Drops autorun.inf file
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable44⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"42⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable43⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"41⤵
- Drops autorun.inf file
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable42⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"40⤵
- Adds Run key to start application
- Drops autorun.inf file
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable41⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"39⤵
- Adds Run key to start application
- Drops autorun.inf file
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable40⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"38⤵
- Drops autorun.inf file
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable39⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"37⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable38⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"36⤵
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable37⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"35⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable36⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"34⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable35⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"33⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable34⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"32⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable33⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"31⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable32⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"30⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable31⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"29⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops autorun.inf file
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable30⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"28⤵
- Executes dropped EXE
- Drops autorun.inf file
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable29⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"27⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable28⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"26⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable27⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"25⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable26⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"24⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable25⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"23⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable24⤵
- Modifies Windows Firewall
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exedw20.exe -x -s 80024⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"22⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops autorun.inf file
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable23⤵
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exedw20.exe -x -s 61623⤵
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"21⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable22⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"20⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable21⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"19⤵
- Executes dropped EXE
- Drops autorun.inf file
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable20⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"18⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops autorun.inf file
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable19⤵
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"17⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable18⤵
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exedw20.exe -x -s 69618⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"16⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable17⤵
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exedw20.exe -x -s 67617⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"15⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable16⤵
- Modifies Windows Firewall
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exedw20.exe -x -s 77216⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"14⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable15⤵
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exedw20.exe -x -s 61215⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"13⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exedw20.exe -x -s 45214⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"12⤵
- Drops startup file
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exe"netsh.exe" firewall set opmode disable13⤵
- Modifies Windows Firewall
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exedw20.exe -x -s 77213⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"11⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exedw20.exe -x -s 46812⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"10⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exedw20.exe -x -s 44411⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"9⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exedw20.exe -x -s 44810⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"8⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exedw20.exe -x -s 4489⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"7⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exedw20.exe -x -s 4448⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"6⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exedw20.exe -x -s 4487⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"5⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exedw20.exe -x -s 4486⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exedw20.exe -x -s 4485⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe"C:\Users\Admin\AppData\Local\Temp\firewall.exe"3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exedw20.exe -x -s 4484⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (1)
  - Windows Service (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Privilege Escalation
- Create or Modify System Process (1)
  - Windows Service (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Downloads
-
C:\Users\Admin\AppData\Local\Temp\BlackData.dat
Filesize: 3B
-
C:\Users\Admin\AppData\Local\Temp\Majid Z Hacker.exe
Filesize: 462KB
-
C:\Users\Admin\AppData\Local\Temp\Venom Cracked.exe
Filesize: 12.1MB
-
C:\Users\Admin\AppData\Local\Temp\firewall.exe
Filesize: 40KB
-
C:\Users\Admin\Music\autorun.inf
Filesize: 287B
-
C:\Users\Admin\Pictures\autorun.inf
Filesize: 299B
-
C:\Users\Admin\Videos\autorun.inf
Filesize: 291B
-
memory/1032-12-0x000007FEF5363000-0x000007FEF5364000-memory.dmp
Filesize: 4KB
-
memory/1032-27-0x0000000000AE0000-0x00000000016FA000-memory.dmp
Filesize: 12.1MB
-
memory/1032-1226-0x000007FEF5363000-0x000007FEF5364000-memory.dmp
Filesize: 4KB