Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Dec. 19, 2022, 9:43 a.m. | Dec. 19, 2022, 9:48 a.m. |
Process | PID | Command line |
---|---|---|
chrome.exe | 2792 | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef441f1e8,0x7fef441f1f8,0x7fef441f208 |
chrome.exe | 2860 | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2752 --on-initialized-event-handle=316 --parent-handle=320 /prefetch:6 |
g8NyBEXVWyvZ5Q97arupA5LD.exe | 2992 | "C:\Users\test22\Pictures\Minor Policy\g8NyBEXVWyvZ5Q97arupA5LD.exe" |
schtasks.exe | 3036 | schtasks /create /f /RU "test22" /tr ""C:\Program Files (x86)\ClipManagerP0\ClipManager_Svc.exe"" /tn "LOLPA4DESK HR" /sc HOURLY /rl HIGHEST |
schtasks.exe | 812 | schtasks /create /f /RU "test22" /tr ""C:\Program Files (x86)\ClipManagerP0\ClipManager_Svc.exe"" /tn "LOLPA4DESK LG" /sc ONLOGON /rl HIGHEST |
Name | Response | Post-Analysis Lookup |
---|---|---|
metazone1.com | 31.31.196.244 | |
iplis.ru | 148.251.234.93 | |
vk.com | 87.240.132.67 | |
iplogger.org | 148.251.234.83 | |
ipinfo.io | 34.117.59.81 | |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.101:49163 34.117.59.81:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1D4 | CN=ipinfo.io | 4e:22:32:5f:c2:00:65:ac:06:fb:71:62:4b:77:57:f0:0e:54:b8:cf |
TLSv1 192.168.56.101:49175 87.240.129.133:443 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com | 50:24:2a:d1:17:55:8b:34:61:58:4d:21:51:d3:9a:ae:ce:a7:06:97 |
file | C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\Locales\ko.pak |
suspicious_features | POST method with no referer header | suspicious_request | POST http://metazone1.com/api/firegate.php |
suspicious_features | Connection to IP address | suspicious_request | HEAD http://107.182.129.251/download/it_tab.jpeg |
suspicious_features | Connection to IP address | suspicious_request | GET http://107.182.129.251/download/it_tab.jpeg |
suspicious_features | Connection to IP address | suspicious_request | GET http://107.182.129.251/download/it_tab.png |
suspicious_features | Connection to IP address | suspicious_request | HEAD http://163.123.143.4/download/YT_Client.exe |
suspicious_features | Connection to IP address | suspicious_request | GET http://163.123.143.4/download/YT_Client.exe |
request | GET http://metazone1.com/api/tracemap.php |
request | POST http://metazone1.com/api/firegate.php |
request | HEAD http://107.182.129.251/download/it_tab.jpeg |
request | GET http://107.182.129.251/download/it_tab.jpeg |
request | GET http://107.182.129.251/download/it_tab.png |
request | HEAD http://163.123.143.4/download/YT_Client.exe |
request | GET http://163.123.143.4/download/YT_Client.exe |
request | GET https://ipinfo.io/widget |
request | GET https://vk.com/doc746114504_647280747?hash=cvDFKP5q0CQEjBCbeoeHvPNrWE0xbMxZEmrkIeNKcET&dl=G42DMMJRGQ2TANA:1661413520:uZNj68vRUvQaydRD8wpAK8zluN0I7otw5AHbA1ZlN9T&api=1&no_preview=1 |
request | POST http://metazone1.com/api/firegate.php |
domain | iplis.ru | description | Russian Federation domain TLD |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhpphpanfghgfhmmdmcfndlfiecpmcmk |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hmeobnfnfcmdkdcmlblgagmfpfboieaf |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhpphpanfghgfhmmdmcfndlfiecpmcmk\1.0.3_0\js\jquery362.js |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-spare.pma |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom Prefix Set |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing IP Blacklist |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhpphpanfghgfhmmdmcfndlfiecpmcmk\1.0.3_0\icons\git.pdn |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhpphpanfghgfhmmdmcfndlfiecpmcmk\1.0.3_0\icons\logoJG.png |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-63A01ACF-ABC.pma |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhilaheimglignddkjgofkcbgekhenbh |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fmblappgoiilbgafhjklehhfifbdocee |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Stability\2748-1671410600218750.pma |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Module Whitelist |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing\ChromeFilenameClientIncident.store |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhpphpanfghgfhmmdmcfndlfiecpmcmk\1.0.3_0\css |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhpphpanfghgfhmmdmcfndlfiecpmcmk\1.0.3_0\css\index.css |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Side-Effect Free Whitelist |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing UwS List Prefix Set |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Inclusion Whitelist |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhpphpanfghgfhmmdmcfndlfiecpmcmk\1.0.3_0\icons |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Csd Whitelist |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics-active.pma |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Extension Blacklist |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhpphpanfghgfhmmdmcfndlfiecpmcmk\1.0.3_0\_metadata |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-63327DF3-A54.pma |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhpphpanfghgfhmmdmcfndlfiecpmcmk\1.0.3_0\index.html |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Resource Blacklist |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mgffkfbidihjpoaomajlbgchddlicgpn |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhpphpanfghgfhmmdmcfndlfiecpmcmk\1.0.3_0\icons\icon128.png |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\reports\bc75ff5f-a049-4596-b624-23db42c50fe1.dmp |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhpphpanfghgfhmmdmcfndlfiecpmcmk\1.0.3_0\js |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhpphpanfghgfhmmdmcfndlfiecpmcmk\1.0.3_0 |
name | RT_VERSION | language | LANG_NEUTRAL | filetype | data | sublanguage | SUBLANG_ARABIC_OMAN | offset | 0x00249970 | size | 0x000002ac |
domain | ipinfo.io |
file | C:\Users\test22\Pictures\Minor Policy\g8NyBEXVWyvZ5Q97arupA5LD.exe |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhpphpanfghgfhmmdmcfndlfiecpmcmk\1.0.3_0\js\background.js |
file | C:\Users\test22\Pictures\Minor Policy\DQBAKWkBRb3J7NnOFLAz4GEi.exe |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhpphpanfghgfhmmdmcfndlfiecpmcmk\1.0.3_0\js\newTab_script.js |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhpphpanfghgfhmmdmcfndlfiecpmcmk\1.0.3_0\js\jquery362.js |
cmdline | schtasks /create /f /RU "test22" /tr ""C:\Program Files (x86)\ClipManagerP0\ClipManager_Svc.exe"" /tn "LOLPA4DESK LG" /sc ONLOGON /rl HIGHEST |
cmdline | schtasks /create /f /RU "test22" /tr ""C:\Program Files (x86)\ClipManagerP0\ClipManager_Svc.exe"" /tn "LOLPA4DESK HR" /sc HOURLY /rl HIGHEST |
file | C:\Users\test22\Pictures\Minor Policy\g8NyBEXVWyvZ5Q97arupA5LD.exe |
process | ww20.exe |
url | https://clients4.google.com/invalidation/android/request/ |
url | http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0 |
url | http://services.ukrposhta.com/postindex_new/ |
url | http://dts.search-results.com/sr?lng= |
url | http://inposdom.gob.do/codigo-postal/ |
url | http://creativecommons.org/ns |
url | http://www.postur.fo/ |
url | https://qc.search.yahoo.com/search?ei= |
url | https://cacert.omniroot.com/baltimoreroot.crt09 |
url | http://crbug.com/122474. |
url | https://search.yahoo.com/search?ei= |
url | http://t1.symcb.com/ThawtePCA.crl0/ |
url | http://crbug.com/31395. |
url | https://support.google.com/chrome/answer/165139 |
url | https://ct.googleapis.com/aviator/ |
url | https://datasaver.googleapis.com/v1/clientConfigs |
url | http://crl.starfieldtech.com/sfroot-g2.crl0L |
url | https://ct.startssl.com/ |
url | https://suggest.yandex.com.tr/suggest-ff.cgi?part= |
url | https://de.search.yahoo.com/favicon.ico |
url | https://github.com/GoogleChrome/Lighthouse/issues |
url | http://www.searchnu.com/favicon.ico |
url | https://support.google.com/installer/?product= |
url | http://msdn.microsoft.com/en-us/library/ms792901.aspx |
url | https://www.najdi.si/search.jsp?q= |
url | http://x.ss2.us/x.cer0 |
url | http://crl.geotrust.com/crls/gtglobal.crl04 |
url | https://accounts.google.com/ServiceLogin |
url | https://accounts.google.com/OAuthLogin |
url | https://c.android.clients.google.com/ |
url | https://search.goo.ne.jp/sgt.jsp?MT= |
url | https://www.google.com/tools/feedback/chrome/__submit |
url | https://chrome.google.com/webstore/category/collection/dark_themes |
url | http://check.googlezip.net/generate_204 |
url | http://ocsp.starfieldtech.com/08 |
url | http://www.guernseypost.com/postcode_finder/ |
url | http://crl.certum.pl/ca.crl0h |
url | http://ator |
url | https://suggest.yandex.by/suggest-ff.cgi?part= |
url | http://feed.snap.do/?q= |
url | https://sp.uk.ask.com/sh/i/a16/favicon/favicon.ico |
url | http://www.language |
url | https://support.google.com/chrome/ |
url | http://developer.chrome.com/apps/declare_permissions.html |
url | http://www.google.com/chrome/intl/ko/eula_text.html |
url | https://www.globalsign.com/repository/03 |
url | http://www.startssl.com/sfsca.crl0 |
url | http://UA-Compatible |
url | https://se.search.yahoo.com/search?ei= |
url | http://EVSecure-ocsp.geotrust.com0 |
description | Create a windows service | rule | Create_Service |
description | Communication using DGA | rule | Network_DGA |
description | Communications over RAW Socket | rule | Network_TCP_Socket |
description | Take ScreenShot | rule | ScreenShot |
description | Communications use DNS | rule | Network_DNS |
description | Perform crypto currency mining | rule | BitCoin |
description | Match Windows Inet API call | rule | Str_Win32_Internet_API |
description | Win.Trojan.agentTesla | rule | Win_Trojan_agentTesla_Zero |
description | Code injection with CreateRemoteThread in a remote process | rule | Code_injection |
description | PWS Memory | rule | Generic_PWS_Memory_Zero |
description | Record Audio | rule | Sniff_Audio |
description | Communications over HTTP | rule | Network_HTTP |
description | Steal credential | rule | local_credential_Steal |
description | Virtual currency | rule | Virtual_currency_Zero |
description | Run a KeyLogger | rule | KeyLogger |
description | Google Chrome User Data Check | rule | Chrome_User_Data_Check_Zero |
description | browser info stealer | rule | infoStealer_browser_Zero |
description | Communications over P2P network | rule | Network_P2P_Win |
description | File Downloader | rule | Network_Downloader |
description | Escalate priviledges | rule | Escalate_priviledges |
description | (no description) | rule | DebuggerCheck__GlobalFlags |
description | (no description) | rule | DebuggerCheck__QueryInfo |
description | (no description) | rule | DebuggerCheck__RemoteAPI |
description | (no description) | rule | DebuggerHiding__Thread |
description | (no description) | rule | DebuggerHiding__Active |
description | (no description) | rule | DebuggerException__ConsoleCtrl |
description | (no description) | rule | DebuggerException__SetConsoleCtrl |
description | (no description) | rule | ThreadControl__Context |
description | (no description) | rule | SEH__vectored |
description | (no description) | rule | Check_Dlls |
description | Possibly employs anti-virtualization techniques | rule | vmdetect |
description | Checks if being debugged | rule | anti_dbg |
description | Anti-Sandbox checks for ThreatExpert | rule | antisb_threatExpert |
description | Bypass DEP | rule | disable_dep |
description | Affect hook table | rule | win_hook |
description | Install itself for autorun at Windows startup | rule | Persistence |
description | Communications over FTP | rule | Network_FTP |
description | Match Windows Http API call | rule | Str_Win32_Http_API |
description | Create a windows service | rule | Create_Service |
description | Communication using DGA | rule | Network_DGA |
description | Communications over RAW Socket | rule | Network_TCP_Socket |
description | Take ScreenShot | rule | ScreenShot |
description | Communications use DNS | rule | Network_DNS |
description | Perform crypto currency mining | rule | BitCoin |
description | Match Windows Inet API call | rule | Str_Win32_Internet_API |
description | Win.Trojan.agentTesla | rule | Win_Trojan_agentTesla_Zero |
description | Code injection with CreateRemoteThread in a remote process | rule | Code_injection |
description | PWS Memory | rule | Generic_PWS_Memory_Zero |
description | Record Audio | rule | Sniff_Audio |
description | Communications over HTTP | rule | Network_HTTP |
cmdline | schtasks /create /f /RU "test22" /tr ""C:\Program Files (x86)\ClipManagerP0\ClipManager_Svc.exe"" /tn "LOLPA4DESK LG" /sc ONLOGON /rl HIGHEST |
cmdline | schtasks /create /f /RU "test22" /tr ""C:\Program Files (x86)\ClipManagerP0\ClipManager_Svc.exe"" /tn "LOLPA4DESK HR" /sc HOURLY /rl HIGHEST |
host | 107.182.129.251 |
host | 163.123.143.4 |
host | 45.10.52.33 |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\LOLPA4DESK | reg_value | "C:\Program Files (x86)\ClipManagerP0\ClipManager_Svc.exe" |
cmdline | schtasks /create /f /RU "test22" /tr ""C:\Program Files (x86)\ClipManagerP0\ClipManager_Svc.exe"" /tn "LOLPA4DESK LG" /sc ONLOGON /rl HIGHEST |
cmdline | schtasks /create /f /RU "test22" /tr ""C:\Program Files (x86)\ClipManagerP0\ClipManager_Svc.exe"" /tn "LOLPA4DESK HR" /sc HOURLY /rl HIGHEST |
parent_process | chrome.exe | martian_process | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1232,2183132983874014909,2190702872535226655,131072 --gpu-preferences=KAAAAAAAAAAABwAAAQAAAAAAAAAAAGAAAQAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x80ee --gpu-device-id=0xbeef --gpu-driver-vendor=Microsoft --gpu-driver-version=6.1.7600.16385 --gpu-driver-date=6-21-2006 --service-request-channel-token=3CBBC489ADEFFE45636BBD207231B280 --mojo-platform-channel-handle=1244 --ignored=" --type=renderer " /prefetch:2 |
parent_process | chrome.exe | martian_process | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2752 --on-initialized-event-handle=316 --parent-handle=320 /prefetch:6 |
parent_process | chrome.exe | martian_process | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x88,0x8c,0x90,0x84,0x94,0x7fef441f1e8,0x7fef441f1f8,0x7fef441f208 |
url | http://127.0.0.1 |
cmdline | schtasks /create /f /RU "test22" /tr ""C:\Program Files (x86)\ClipManagerP0\ClipManager_Svc.exe"" /tn "LOLPA4DESK LG" /sc ONLOGON /rl HIGHEST |
cmdline | schtasks /create /f /RU "test22" /tr ""C:\Program Files (x86)\ClipManagerP0\ClipManager_Svc.exe"" /tn "LOLPA4DESK HR" /sc HOURLY /rl HIGHEST |
description | attempts to modify windows defender policies | registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8ACAAA32-87E2-4EE0-A51D-B02C050E3C1E}Machine\Software\Policies\Microsoft\Windows Defender\DisableAntiSpyware |
description | attempts to modify windows defender policies | registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8ACAAA32-87E2-4EE0-A51D-B02C050E3C1E}Machine\Software\Policies\Microsoft\Windows Defender\Exclusions\Extensions\exe |
description | attempts to modify windows defender policies | registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8ACAAA32-87E2-4EE0-A51D-B02C050E3C1E}Machine\Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection |
description | attempts to modify windows defender policies | registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8ACAAA32-87E2-4EE0-A51D-B02C050E3C1E}Machine\Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring |
description | attempts to modify windows defender policies | registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8ACAAA32-87E2-4EE0-A51D-B02C050E3C1E}Machine\Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection |
description | attempts to modify windows defender policies | registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8ACAAA32-87E2-4EE0-A51D-B02C050E3C1E}Machine\Software\Policies\Microsoft\Windows Defender\DisableRoutinelyTakingAction |
description | attempts to modify windows defender policies | registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8ACAAA32-87E2-4EE0-A51D-B02C050E3C1E}Machine\Software\Policies\Microsoft\Windows Defender\Exclusions\Exclusions_Extensions |
description | attempts to modify windows defender policies | registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8ACAAA32-87E2-4EE0-A51D-B02C050E3C1E}Machine\Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable |
description | attempts to modify windows defender policies | registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8ACAAA32-87E2-4EE0-A51D-B02C050E3C1E}Machine\Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring |
description | attempts to modify windows defender policies | registry | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8ACAAA32-87E2-4EE0-A51D-B02C050E3C1E}Machine\Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRawWriteNotification |
Bkav | W32.AIDetect.malware2 |
MicroWorld-eScan | Gen:Heur.Mint.PrivateLoader.1 |
McAfee | Artemis!5DEBAE710ACC |
Cylance | Unsafe |
VIPRE | Gen:Heur.Mint.PrivateLoader.1 |
Arcabit | Trojan.Mint.PrivateLoader.1 |
Symantec | ML.Attribute.HighConfidence |
Elastic | malicious (high confidence) |
ESET-NOD32 | a variant of Win32/Agent.ADGH |
APEX | Malicious |
Cynet | Malicious (score: 100) |
Kaspersky | UDS:DangerousObject.Multi.Generic |
BitDefender | Gen:Heur.Mint.PrivateLoader.1 |
Avast | Win32:PWSX-gen [Trj] |
Ad-Aware | Gen:Heur.Mint.PrivateLoader.1 |
Emsisoft | Gen:Heur.Mint.PrivateLoader.1 (B) |
McAfee-GW-Edition | BehavesLike.Win32.BadFile.vh |
FireEye | Gen:Heur.Mint.PrivateLoader.1 |
Avira | TR/AD.Nekark.mexad |
MAX | malware (ai score=84) |
Microsoft | Trojan:Win32/Sabsik.FL.B!ml |
GData | Gen:Heur.Mint.PrivateLoader.1 |
AhnLab-V3 | Trojan/Win.Generic.C5272956 |
BitDefenderTheta | Gen:NN.ZexaF.36106.tw0@aW6jdQaQ |
ALYac | Gen:Heur.Mint.PrivateLoader.1 |
VBA32 | BScope.TrojanPSW.Arkei |
Malwarebytes | Trojan.WDDisabler |
Rising | Downloader.Agent!1.D93C (CLASSIC) |
SentinelOne | Static AI - Suspicious PE |
MaxSecure | Trojan.Malware.300983.susgen |
Fortinet | W32/Agent.ADGH!tr |
AVG | Win32:PWSX-gen [Trj] |