Analysis
-
max time kernel
803s -
max time network
1799s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
03-07-2024 05:50
General
-
Target
http://google.com
Score
10/10
Malware Config
Signatures
-
UAC bypass 3 TTPs 2 IoCs
-
Blocklisted process makes network request 8 IoCs
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 2 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Disables cmd.exe use via registry modification 2 IoCs
-
Event Triggered Execution: Image File Execution Options Injection 1 TTPs 64 IoCs
-
Possible privilege escalation attempt 8 IoCs
-
Checks computer location settings 2 TTPs 4 IoCs
Looks up country code configured in the registry, likely geofence.
-
Impair Defenses: Safe Mode Boot 1 TTPs 6 IoCs
-
Modifies file permissions 1 TTPs 8 IoCs
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Checks whether UAC is enabled 1 TTPs 2 IoCs
-
Enumerates connected drives 3 TTPs 4 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
-
Sets desktop wallpaper using registry 2 TTPs 2 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 58 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Kills process with taskkill 2 IoCs
-
Modifies Control Panel 8 IoCs
-
Modifies Internet Explorer settings 1 TTPs 2 IoCs
-
Modifies registry class 55 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 56 IoCs
-
Suspicious use of SendNotifyMessage 32 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 44 IoCs
-
System policy modification 1 TTPs 62 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3832,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=4128 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3784,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=4212 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5292,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=5264 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5452,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=5424 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5460,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5932,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=5904 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5976,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=5896 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6116,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5620,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=6072 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5636,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=5480 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=2896,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=4124 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=6572,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=6608 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=6504,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=6748 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6516,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=6496 /prefetch:81⤵
- Modifies registry class
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --field-trial-handle=6544,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=3820 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --field-trial-handle=7028,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7012 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --field-trial-handle=6740,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=6692 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1040,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=1036 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --field-trial-handle=7320,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=5640 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --field-trial-handle=6884,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7268 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7752,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7808 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=7936,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7952 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --field-trial-handle=7772,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7140 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7060,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=6700 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --field-trial-handle=7076,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7688 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6668,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7420 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=7120,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7024 /prefetch:81⤵
-
C:\Users\Admin\Downloads\Alerta.exe"C:\Users\Admin\Downloads\Alerta.exe"1⤵
-
C:\Users\Admin\Downloads\Alerta.exe"C:\Users\Admin\Downloads\Alerta.exe"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --field-trial-handle=7372,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=6640 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7352,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7912 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=7116,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7384 /prefetch:81⤵
-
C:\Users\Admin\Downloads\BlueScreen.exe"C:\Users\Admin\Downloads\BlueScreen.exe"1⤵
-
C:\Users\Admin\Downloads\BlueScreen.exe"C:\Users\Admin\Downloads\BlueScreen.exe"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --field-trial-handle=6672,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7696 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7316,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7532 /prefetch:81⤵
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\Bolbi.vbs"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\wscript.exe"C:\Windows\System32\wscript.exe" "C:\Users\Admin\Downloads\Bolbi.vbs" /elevated2⤵
- UAC bypass
- Blocklisted process makes network request
- Disables cmd.exe use via registry modification
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Adds Run key to start application
- Checks whether UAC is enabled
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies Control Panel
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c C:\Users\Public\Ghostroot\KillDora.bat3⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\RUNDLL32.EXE user32.dll, UpdatePerUserSystemParameters4⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal" /f4⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\System\CurrentControlSet\Control\SafeBoot\Network" /f4⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im explorer.exe4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\explorer.exeexplorer.exe4⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\System32\4⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\icacls.exeicacls C:\Windows\System32 /Grant Users:F4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\4⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\icacls.exeicacls C:\Windows\ /Grant Users:F4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\Bolbi.vbs"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\wscript.exe"C:\Windows\System32\wscript.exe" "C:\Users\Admin\Downloads\Bolbi.vbs" /elevated2⤵
- UAC bypass
- Blocklisted process makes network request
- Disables cmd.exe use via registry modification
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Adds Run key to start application
- Checks whether UAC is enabled
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies Control Panel
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c C:\Users\Public\Ghostroot\KillDora.bat3⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\RUNDLL32.EXE user32.dll, UpdatePerUserSystemParameters4⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal" /f4⤵
- Impair Defenses: Safe Mode Boot
-
C:\Windows\system32\reg.exereg delete "HKLM\System\CurrentControlSet\Control\SafeBoot\Network" /f4⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im explorer.exe4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\explorer.exeexplorer.exe4⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\System32\4⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\icacls.exeicacls C:\Windows\System32 /Grant Users:F4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\4⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\icacls.exeicacls C:\Windows\ /Grant Users:F4⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --field-trial-handle=7056,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7520 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7180,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7680 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --field-trial-handle=7584,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7140 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=8224,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=6692 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=7104,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7700 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --field-trial-handle=5784,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7344 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7704,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7236 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --field-trial-handle=7504,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7072 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7240,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7128 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=7040,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7696 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --field-trial-handle=7248,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7476 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=8180,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7532 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=8228,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=8164 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --field-trial-handle=7480,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7452 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --field-trial-handle=7024,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7256 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --field-trial-handle=7124,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=8244 /prefetch:11⤵
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Public\ghostroot\Message.vbs explorer.exe1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --field-trial-handle=1036,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=8116 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --field-trial-handle=8132,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=8428 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=8552,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=8096 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=8296,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=8560 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=67 --field-trial-handle=7140,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=8156 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=8144,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7132 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=8248,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=8624 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=70 --field-trial-handle=8604,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7156 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=8788,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=8760 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=8668,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7556 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=73 --field-trial-handle=8680,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7600 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=9176,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=9168 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=9436,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=9452 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=8736,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=9332 /prefetch:81⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x308 0x4ac1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=77 --field-trial-handle=9480,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=6856 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=78 --field-trial-handle=7476,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7468 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=79 --field-trial-handle=8852,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7736 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=80 --field-trial-handle=9240,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=6860 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=81 --field-trial-handle=9696,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=9704 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=9456,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=9320 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=9300,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=9492 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=84 --field-trial-handle=9900,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=6044 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5956,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=5996 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=9280,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=9284 /prefetch:81⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding1⤵
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Public\ghostroot\Message.vbs C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=87 --field-trial-handle=5556,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=9848 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=9292,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=9820 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=9800,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=9796 /prefetch:81⤵
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Public\ghostroot\Message.vbs C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=90 --field-trial-handle=9352,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=8520 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=91 --field-trial-handle=8868,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7000 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=92 --field-trial-handle=10300,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=9864 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=9776,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=8284 /prefetch:81⤵
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Public\ghostroot\Message.vbs C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9336,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=8484 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=95 --field-trial-handle=10572,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=6072 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=96 --field-trial-handle=9492,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=4832 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=97 --field-trial-handle=8520,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=10856 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=98 --field-trial-handle=9604,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=10872 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=99 --field-trial-handle=10620,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=11012 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=100 --field-trial-handle=9780,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7008 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=101 --field-trial-handle=11196,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=11040 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=102 --field-trial-handle=10604,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=10292 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=103 --field-trial-handle=11332,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=11228 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=104 --field-trial-handle=8772,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=8408 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=105 --field-trial-handle=6960,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=11204 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=106 --field-trial-handle=11156,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=5332 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=107 --field-trial-handle=10316,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=10796 /prefetch:11⤵
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Public\ghostroot\Message.vbs C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=108 --field-trial-handle=11596,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=11172 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=109 --field-trial-handle=9444,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=5944 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=110 --field-trial-handle=11736,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=11664 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=111 --field-trial-handle=5400,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=6832 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=112 --field-trial-handle=9712,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=6388 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=113 --field-trial-handle=11200,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=7484 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=114 --field-trial-handle=10768,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=11668 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=115 --field-trial-handle=3860,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=11404 /prefetch:11⤵
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Public\ghostroot\Message.vbs C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x308 0x4ac1⤵
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Public\ghostroot\Message.vbs C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=116 --field-trial-handle=5368,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=5924 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=117 --field-trial-handle=6372,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=4232 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=118 --field-trial-handle=11408,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=5412 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=119 --field-trial-handle=8156,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=11276 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=120 --field-trial-handle=5404,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=10592 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=121 --field-trial-handle=4232,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=6176 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5392,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=11292 /prefetch:81⤵
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Public\ghostroot\Message.vbs C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding1⤵
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Public\ghostroot\Message.vbs C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding1⤵
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Public\ghostroot\Message.vbs C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding1⤵
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Public\ghostroot\Message.vbs C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding1⤵
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Public\ghostroot\Message.vbs C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding1⤵
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Public\ghostroot\Message.vbs C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding1⤵
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Public\ghostroot\Message.vbs C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Active Setup
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Active Setup
1Event Triggered Execution
1Image File Execution Options Injection
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
2Disable or Modify Tools
1Safe Mode Boot
1Modify Registry
6File and Directory Permissions Modification
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bakFilesize
9KB
MD57050d5ae8acfbe560fa11073fef8185d
SHA15bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15Filesize
36KB
MD50e2a09c8b94747fa78ec836b5711c0c0
SHA192495421ad887f27f53784c470884802797025ad
SHA2560c1cdbbf6d974764aad46477863059eaec7b1717a7d26b025f0f8fe24338bb36
SHA51261530a33a6109467962ba51371821ea55bb36cd2abc0e7a15f270abf62340e9166e66a1b10f4de9a306b368820802c4adb9653b9a5acd6f1e825e60128fd2409
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133644596327386931.txtFilesize
75KB
MD579ea60e4feeffe4483ba2d0ea61852fb
SHA17d5921a1b6240cc717ad4f4478bbcfc42f3af8e8
SHA2561e85f6cd486b20682b1a6af9f34e7993a558f3b5dccd1e80a55178847e794923
SHA5124d0866c2b63af9570fa20bca628a6e67b3704d7ab5a8a1311fb614f38b54444cc6630390092282f075751cae38000a17e4bf1cb992a8900b0c72965c0b24dbf4
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_720_POS4.jpgFilesize
122KB
MD585fdfaf180b65b395f8246977760a46d
SHA1d5b6be299abed8b11391174f72052bc86ead5db5
SHA256b1716446fbc5c97e41c8b977d52fe37f905816c7a928aa41168419e08905f9ea
SHA512a6c41687f490832e6c7cddf555310df09ecb631222faae4f22f37b0c3a0d3922b304d2ffa9bcf104830fb00c01a75a9704babe2ab7e3fe71ea8cf34416c10d5c
-
C:\Users\Admin\Desktop\Bolbi.txtFilesize
29B
MD5b37ed35ef479e43f406429bc36e68ec4
SHA15e3ec88d9d13d136af28dea0d3c2529f5b6e3b82
SHA256cc2b26f9e750e05cd680ef5721d9269fe4c8d23cabf500a2ff9065b6b4f7e08c
SHA512d1c1ea6292d8113ce8f02a9ad3921e2d8632f036bdfa243bd6600a173ac0b1fc659f91b43c8d9ec0beaabb87d9654f5f231e98fde27e4d9bdfd5862ca5cb13b7
-
C:\Users\Admin\Music\Slap1.vbsFilesize
46KB
MD599ec3237394257cb0b5c24affe458f48
SHA15300e68423da9712280e601b51622c4b567a23a4
SHA256ec17f950f6ee9c0c237d93bc0b766aa6e2ab458c70320b534212043128177b51
SHA512af2394d18f672def6d5d7081def759093759205aac0390ca03591c58c15a02e463a68b583b6fc28ef1368922b4bd5f9072d570ee97a955250a478cdb093500cb
-
C:\Users\Public\Ghostroot\KillDora.batFilesize
482B
MD54f08159f1d70d41bf975e23230033a0f
SHA1ea88d6fbdcf218e0e04a650d947250d8a3dfad40
SHA256d6e7530e3879225bc21fc17859e5b5c71414375baac27bb361fd9162f4b49e0e
SHA512958ac467e54d35c4ca5459853d661e49ea81efaa1ce3044114d577fcb757343a40ddb30b9f540cf9c100f05958a843bf312fa879c43bda7513643c824b318d6a
-
C:\Users\Public\ghostroot\8ydfdsE.jpgFilesize
59KB
MD51e8cd861c7919b862a9c47abae3dcce3
SHA14d44512ae2da33a9355463231184bbbfdc4396f2
SHA256cba3db7504d0b98a3bc5bebc7d4479360f4535378a9ee113c2269811d0a8d6d9
SHA512ee06887355aeff3fe2865bcde6050d8d139668e78bb352a6a0f32b36446887dab78e50a88c0762e3b3d36dd3288546a6283e2f19a7873f01733666046be60e48
-
C:\Users\Public\ghostroot\Bolbi.vbsFilesize
462B
MD5de41c9172365499ef98449023dd75699
SHA1f2a94f1ac182d9ecb0a3b3fc8e45540a9a46fb3e
SHA25667a66e2e73c7543b0ccc82a4f6892fb4669aa476cb654d3c597609ec16d1943e
SHA512335804bdbe623244b97eb687906808ad508ca6358457cfee89bb5b8cdbbee5399e38d71ed7c808b89f070671c52fa403c33adbd20871e6dd2e9ff079bd54076f
-
C:\Users\Public\ghostroot\Message.vbsFilesize
55B
MD5302e08c86880a39ca55f21cabfa7c5de
SHA158d56c0eb14fc0401cda7c48d6df9d23f6e9b7e3
SHA25665cfb12baaa6f5891bcd7fda727933a4a12f6dbfa9a6717549eacc6dee9436c7
SHA5129aac68a57cea3d00b956ff82ce443600a969dbc3e4eb2b7b12902f70e318c7dbbf7378b375dd28c0d3be0a0515c5c69d4dd5610d5778f22c4e33765d704f8ff7
-
C:\Users\Public\ghostroot\rpdbfk.exeMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
C:\Users\Public\ghostroot\rpdbfk.exeFilesize
16KB
MD5c00be65597bf40636145c34fbf4788c0
SHA16809a72fc75f323137e43c91cc0465328cbb525d
SHA2568861afb9340e88a7f139fe1022748db3658b31ff505de897569032a1b34ed5ea
SHA5121d948c49c94daf764ed8cd2b94aa78abc7a23b1fb7a1aa8dffc529cbeeaedb52ee693113a424c75abc80f5dc1a0c69cceb291e3ab47b96811cfd72e2b4494f23
-
memory/1068-32-0x0000000002630000-0x0000000002631000-memory.dmpFilesize
4KB
-
memory/2020-172565-0x000001CF02610000-0x000001CF02620000-memory.dmpFilesize
64KB
-
memory/2020-172567-0x000001CF02610000-0x000001CF02620000-memory.dmpFilesize
64KB
-
memory/2020-172577-0x000001CF02610000-0x000001CF02620000-memory.dmpFilesize
64KB
-
memory/2020-172564-0x000001CF02610000-0x000001CF02620000-memory.dmpFilesize
64KB
-
memory/2020-172570-0x000001CF02610000-0x000001CF02620000-memory.dmpFilesize
64KB
-
memory/2020-172566-0x000001CF02610000-0x000001CF02620000-memory.dmpFilesize
64KB
-
memory/2020-172562-0x000001CF02610000-0x000001CF02620000-memory.dmpFilesize
64KB
-
memory/2020-172569-0x000001CF02610000-0x000001CF02620000-memory.dmpFilesize
64KB
-
memory/2020-172568-0x000001CF02610000-0x000001CF02620000-memory.dmpFilesize
64KB
-
memory/3660-2-0x0000000000400000-0x0000000000409000-memory.dmpFilesize
36KB
-
memory/3660-1-0x0000000000400000-0x0000000000409000-memory.dmpFilesize
36KB
-
memory/3964-172563-0x0000015A8EF80000-0x0000015A8EF90000-memory.dmpFilesize
64KB
-
memory/3964-172572-0x0000015A8EF80000-0x0000015A8EF90000-memory.dmpFilesize
64KB
-
memory/3964-172579-0x0000015A8EF80000-0x0000015A8EF90000-memory.dmpFilesize
64KB
-
memory/3964-172578-0x0000015A8EF80000-0x0000015A8EF90000-memory.dmpFilesize
64KB
-
memory/3964-172571-0x0000015A8EF80000-0x0000015A8EF90000-memory.dmpFilesize
64KB
-
memory/3964-172576-0x0000015A8EF80000-0x0000015A8EF90000-memory.dmpFilesize
64KB
-
memory/3964-172573-0x0000015A8EF80000-0x0000015A8EF90000-memory.dmpFilesize
64KB
-
memory/3964-172575-0x0000015A8EF80000-0x0000015A8EF90000-memory.dmpFilesize
64KB
-
memory/3964-172574-0x0000015A8EF80000-0x0000015A8EF90000-memory.dmpFilesize
64KB
-
memory/5088-69-0x000002284D4A0000-0x000002284D4C0000-memory.dmpFilesize
128KB
-
memory/5088-67-0x000002284CE90000-0x000002284CEB0000-memory.dmpFilesize
128KB
-
memory/5088-38-0x000002284CED0000-0x000002284CEF0000-memory.dmpFilesize
128KB
-
memory/5088-0-0x0000000000400000-0x0000000000409000-memory.dmpFilesize
36KB
-
memory/5088-4-0x0000000000400000-0x0000000000409000-memory.dmpFilesize
36KB
