URL: https://github.com/topics/virus-samples

Full analysis: https://app.any.run/tasks/7ea09678-b046-4768-a69b-a9ead7ecff9a
Verdict: Malicious activity
Analysis date: July 10, 2023, 21:03:24
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 0996617EB8C52EC43B0FD8ADA338266E
SHA1: CBF80A8501F4EF58548C438115B345454624E59A
SHA256: 429D022AFCAB45C84DCB2D35B4F67CE6EB8FF2C46540683BA32F584D5C4E1FD3
SSDEEP: 3:N8tEdhK7GQI8W:2u6nZW

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • ADZP 20 Complex.exe (PID: 2960)
      • ADZP 20 Complex.exe (PID: 2340)
      • ADZP 20 Complex.exe (PID: 1912)
      • ADZP 20 Complex.exe (PID: 2032)
      • ADZP 20 Complex.exe (PID: 4288)
      • ADZP 20 Complex.exe (PID: 4620)
      • ADZP 20 Complex.exe (PID: 2956)
      • ADZP 20 Complex.exe (PID: 5168)
      • ADZP 20 Complex.exe (PID: 4832)
      • ADZP 20 Complex.exe (PID: 4652)
      • ADZP 20 Complex.exe (PID: 5964)
      • ADZP 20 Complex.exe (PID: 4380)
      • ADZP 20 Complex.exe (PID: 5716)
      • ADZP 20 Complex.exe (PID: 6984)
      • ADZP 20 Complex.exe (PID: 4020)
      • ADZP 20 Complex.exe (PID: 7192)
      • ADZP 20 Complex.exe (PID: 2004)
      • ADZP 20 Complex.exe (PID: 6932)
      • ADZP 20 Complex.exe (PID: 3016)
      • ADZP 20 Complex.exe (PID: 328)
      • ADZP 20 Complex.exe (PID: 2520)
      • ADZP 20 Complex.exe (PID: 7044)
      • ADZP 20 Complex.exe (PID: 3088)
      • ADZP 20 Complex.exe (PID: 8184)
      • ADZP 20 Complex.exe (PID: 5016)
      • ADZP 20 Complex.exe (PID: 7424)
      • ADZP 20 Complex.exe (PID: 844)
      • ADZP 20 Complex.exe (PID: 2988)
      • ADZP 20 Complex.exe (PID: 7128)
      • ADZP 20 Complex.exe (PID: 9916)
      • ADZP 20 Complex.exe (PID: 8280)
      • ADZP 20 Complex.exe (PID: 10032)
      • ADZP 20 Complex.exe (PID: 10140)
      • ADZP 20 Complex.exe (PID: 9836)
      • ADZP 20 Complex.exe (PID: 8420)
      • ADZP 20 Complex.exe (PID: 9964)
      • ADZP 20 Complex.exe (PID: 10136)
      • ADZP 20 Complex.exe (PID: 7008)
      • ADZP 20 Complex.exe (PID: 9460)
      • ADZP 20 Complex.exe (PID: 10012)
      • ADZP 20 Complex.exe (PID: 9276)
      • ADZP 20 Complex.exe (PID: 10100)
      • ADZP 20 Complex.exe (PID: 752)
      • ADZP 20 Complex.exe (PID: 9652)
      • ADZP 20 Complex.exe (PID: 9824)
      • ADZP 20 Complex.exe (PID: 8864)
      • ADZP 20 Complex.exe (PID: 9408)
      • ADZP 20 Complex.exe (PID: 10208)
      • ADZP 20 Complex.exe (PID: 9180)
      • ADZP 20 Complex.exe (PID: 10024)
      • ADZP 20 Complex.exe (PID: 2996)
      • ADZP 20 Complex.exe (PID: 8684)
      • ADZP 20 Complex.exe (PID: 9488)
      • ADZP 20 Complex.exe (PID: 9036)
      • ADZP 20 Complex.exe (PID: 12136)
      • ADZP 20 Complex.exe (PID: 10824)
      • ADZP 20 Complex.exe (PID: 11784)
      • ADZP 20 Complex.exe (PID: 11220)
      • ADZP 20 Complex.exe (PID: 10524)
      • ADZP 20 Complex.exe (PID: 11248)
      • ADZP 20 Complex.exe (PID: 10428)
    • Actions looks like stealing of personal data

      • cmd.exe (PID: 2732)
      • cmd.exe (PID: 3272)
      • cmd.exe (PID: 3296)
      • cmd.exe (PID: 3584)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • cmd.exe (PID: 2732)
    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 2948)
      • cmd.exe (PID: 2732)
      • cmd.exe (PID: 3296)
      • cmd.exe (PID: 3272)
      • cmd.exe (PID: 3584)
      • cmd.exe (PID: 6100)
      • cmd.exe (PID: 6116)
      • cmd.exe (PID: 5416)
      • cmd.exe (PID: 4604)
      • cmd.exe (PID: 4180)
      • cmd.exe (PID: 4448)
      • cmd.exe (PID: 4660)
      • cmd.exe (PID: 956)
      • cmd.exe (PID: 5220)
      • cmd.exe (PID: 7080)
      • cmd.exe (PID: 10540)
      • cmd.exe (PID: 6172)
      • cmd.exe (PID: 7840)
      • cmd.exe (PID: 6672)
      • cmd.exe (PID: 6400)
      • cmd.exe (PID: 7772)
      • cmd.exe (PID: 3640)
      • cmd.exe (PID: 6864)
      • cmd.exe (PID: 10376)
      • cmd.exe (PID: 6256)
      • cmd.exe (PID: 6720)
      • cmd.exe (PID: 4192)
      • cmd.exe (PID: 8008)
      • cmd.exe (PID: 11932)
      • cmd.exe (PID: 7152)
      • cmd.exe (PID: 10252)
      • cmd.exe (PID: 11580)
      • cmd.exe (PID: 8180)
      • cmd.exe (PID: 7880)
      • cmd.exe (PID: 7956)
      • cmd.exe (PID: 6324)
      • cmd.exe (PID: 7780)
      • cmd.exe (PID: 6852)
      • cmd.exe (PID: 10128)
    • Executing commands from a ".bat" file

      • ADZP 20 Complex.exe (PID: 2960)
      • cmd.exe (PID: 2732)
      • ADZP 20 Complex.exe (PID: 2032)
      • ADZP 20 Complex.exe (PID: 2340)
      • ADZP 20 Complex.exe (PID: 1912)
      • cmd.exe (PID: 3272)
      • cmd.exe (PID: 3584)
      • cmd.exe (PID: 3296)
      • ADZP 20 Complex.exe (PID: 4620)
      • ADZP 20 Complex.exe (PID: 2956)
      • ADZP 20 Complex.exe (PID: 5964)
      • ADZP 20 Complex.exe (PID: 4652)
      • ADZP 20 Complex.exe (PID: 4288)
      • ADZP 20 Complex.exe (PID: 5168)
      • ADZP 20 Complex.exe (PID: 5716)
      • ADZP 20 Complex.exe (PID: 4380)
      • ADZP 20 Complex.exe (PID: 4832)
      • cmd.exe (PID: 6116)
      • cmd.exe (PID: 5416)
      • cmd.exe (PID: 6100)
      • cmd.exe (PID: 4180)
      • cmd.exe (PID: 4448)
      • cmd.exe (PID: 4604)
      • cmd.exe (PID: 956)
      • cmd.exe (PID: 4660)
      • cmd.exe (PID: 5220)
      • ADZP 20 Complex.exe (PID: 3016)
      • ADZP 20 Complex.exe (PID: 2004)
      • ADZP 20 Complex.exe (PID: 6932)
      • ADZP 20 Complex.exe (PID: 6984)
      • ADZP 20 Complex.exe (PID: 4020)
      • ADZP 20 Complex.exe (PID: 7192)
      • ADZP 20 Complex.exe (PID: 328)
      • ADZP 20 Complex.exe (PID: 2520)
      • ADZP 20 Complex.exe (PID: 7044)
      • ADZP 20 Complex.exe (PID: 3088)
      • ADZP 20 Complex.exe (PID: 8184)
      • ADZP 20 Complex.exe (PID: 7424)
      • ADZP 20 Complex.exe (PID: 5016)
      • ADZP 20 Complex.exe (PID: 2988)
      • ADZP 20 Complex.exe (PID: 7008)
      • ADZP 20 Complex.exe (PID: 7128)
      • ADZP 20 Complex.exe (PID: 8280)
      • ADZP 20 Complex.exe (PID: 844)
      • ADZP 20 Complex.exe (PID: 9916)
      • ADZP 20 Complex.exe (PID: 10140)
      • ADZP 20 Complex.exe (PID: 10032)
      • ADZP 20 Complex.exe (PID: 9836)
      • ADZP 20 Complex.exe (PID: 9964)
      • ADZP 20 Complex.exe (PID: 8420)
      • ADZP 20 Complex.exe (PID: 10136)
      • ADZP 20 Complex.exe (PID: 9460)
      • ADZP 20 Complex.exe (PID: 8864)
      • ADZP 20 Complex.exe (PID: 10012)
      • ADZP 20 Complex.exe (PID: 752)
      • ADZP 20 Complex.exe (PID: 10100)
      • ADZP 20 Complex.exe (PID: 9276)
      • ADZP 20 Complex.exe (PID: 9824)
      • ADZP 20 Complex.exe (PID: 8684)
      • ADZP 20 Complex.exe (PID: 9652)
      • ADZP 20 Complex.exe (PID: 9036)
      • ADZP 20 Complex.exe (PID: 10208)
      • ADZP 20 Complex.exe (PID: 9408)
      • ADZP 20 Complex.exe (PID: 10024)
      • ADZP 20 Complex.exe (PID: 2996)
      • ADZP 20 Complex.exe (PID: 9488)
      • ADZP 20 Complex.exe (PID: 9180)
      • ADZP 20 Complex.exe (PID: 10524)
      • ADZP 20 Complex.exe (PID: 11248)
      • ADZP 20 Complex.exe (PID: 10824)
      • ADZP 20 Complex.exe (PID: 12136)
      • ADZP 20 Complex.exe (PID: 10428)
      • cmd.exe (PID: 7080)
      • cmd.exe (PID: 10540)
      • cmd.exe (PID: 6172)
      • cmd.exe (PID: 7840)
      • ADZP 20 Complex.exe (PID: 11220)
      • ADZP 20 Complex.exe (PID: 11784)
      • cmd.exe (PID: 6672)
      • cmd.exe (PID: 6720)
      • cmd.exe (PID: 6400)
      • cmd.exe (PID: 7772)
      • cmd.exe (PID: 3640)
      • cmd.exe (PID: 6864)
      • cmd.exe (PID: 10376)
      • cmd.exe (PID: 6256)
      • cmd.exe (PID: 4192)
      • cmd.exe (PID: 8008)
      • cmd.exe (PID: 11932)
      • cmd.exe (PID: 7152)
      • cmd.exe (PID: 10252)
      • cmd.exe (PID: 8180)
      • cmd.exe (PID: 11580)
      • cmd.exe (PID: 10128)
      • cmd.exe (PID: 7880)
      • cmd.exe (PID: 7780)
      • cmd.exe (PID: 6324)
      • cmd.exe (PID: 7956)
      • cmd.exe (PID: 6852)
    • Reads the Internet Settings

      • cmd.exe (PID: 2732)
      • cmd.exe (PID: 3296)
      • cmd.exe (PID: 3272)
      • cmd.exe (PID: 3584)
      • cmd.exe (PID: 6100)
      • cmd.exe (PID: 5416)
      • cmd.exe (PID: 6116)
      • cmd.exe (PID: 4180)
      • cmd.exe (PID: 4448)
      • cmd.exe (PID: 4604)
      • cmd.exe (PID: 4660)
      • cmd.exe (PID: 956)
      • cmd.exe (PID: 5220)
    • The process executes VB scripts

      • cmd.exe (PID: 2732)
      • cmd.exe (PID: 3296)
      • cmd.exe (PID: 3272)
      • cmd.exe (PID: 3584)
      • cmd.exe (PID: 5416)
      • cmd.exe (PID: 6116)
      • cmd.exe (PID: 4180)
      • cmd.exe (PID: 6100)
      • cmd.exe (PID: 4604)
      • cmd.exe (PID: 4448)
      • cmd.exe (PID: 4660)
      • cmd.exe (PID: 956)
      • cmd.exe (PID: 5220)
      • cmd.exe (PID: 7080)
      • cmd.exe (PID: 10540)
      • cmd.exe (PID: 6172)
      • cmd.exe (PID: 7840)
      • cmd.exe (PID: 6400)
      • cmd.exe (PID: 7772)
      • cmd.exe (PID: 6720)
      • cmd.exe (PID: 6672)
      • cmd.exe (PID: 3640)
      • cmd.exe (PID: 10376)
      • cmd.exe (PID: 6864)
      • cmd.exe (PID: 6256)
      • cmd.exe (PID: 11932)
      • cmd.exe (PID: 10252)
      • cmd.exe (PID: 8180)
      • cmd.exe (PID: 7152)
      • cmd.exe (PID: 11580)
      • cmd.exe (PID: 4192)
      • cmd.exe (PID: 8008)
      • cmd.exe (PID: 7780)
      • cmd.exe (PID: 7880)
      • cmd.exe (PID: 6324)
      • cmd.exe (PID: 10128)
      • cmd.exe (PID: 7956)
      • cmd.exe (PID: 6852)
      • cmd.exe (PID: 14068)
      • cmd.exe (PID: 12704)
    • Executing commands from ".cmd" file

      • cmd.exe (PID: 2732)
      • cmd.exe (PID: 3296)
      • cmd.exe (PID: 3272)
      • cmd.exe (PID: 3584)
      • cmd.exe (PID: 6100)
      • cmd.exe (PID: 6116)
      • cmd.exe (PID: 5416)
      • cmd.exe (PID: 4604)
      • cmd.exe (PID: 4180)
      • cmd.exe (PID: 4448)
      • cmd.exe (PID: 4660)
      • cmd.exe (PID: 956)
      • cmd.exe (PID: 5220)
      • cmd.exe (PID: 10540)
      • cmd.exe (PID: 6172)
      • cmd.exe (PID: 7080)
      • cmd.exe (PID: 7840)
      • cmd.exe (PID: 7772)
      • cmd.exe (PID: 6400)
      • cmd.exe (PID: 6672)
      • cmd.exe (PID: 3640)
      • cmd.exe (PID: 6864)
      • cmd.exe (PID: 11932)
      • cmd.exe (PID: 10376)
      • cmd.exe (PID: 6256)
      • cmd.exe (PID: 4192)
      • cmd.exe (PID: 8180)
      • cmd.exe (PID: 8008)
      • cmd.exe (PID: 10252)
      • cmd.exe (PID: 7152)
      • cmd.exe (PID: 7880)
      • cmd.exe (PID: 11580)
      • cmd.exe (PID: 6324)
      • cmd.exe (PID: 7956)
      • cmd.exe (PID: 7780)
      • cmd.exe (PID: 6852)
      • cmd.exe (PID: 12704)
      • cmd.exe (PID: 14068)
      • cmd.exe (PID: 6720)
      • cmd.exe (PID: 10128)
      • cmd.exe (PID: 13144)
      • cmd.exe (PID: 12760)
      • cmd.exe (PID: 13804)
      • cmd.exe (PID: 13240)
      • cmd.exe (PID: 13224)
      • cmd.exe (PID: 12772)
      • cmd.exe (PID: 14184)
      • cmd.exe (PID: 13444)
      • cmd.exe (PID: 13276)
      • cmd.exe (PID: 11168)
      • cmd.exe (PID: 3264)
      • cmd.exe (PID: 9800)
      • cmd.exe (PID: 13452)
      • cmd.exe (PID: 13440)
      • cmd.exe (PID: 12852)
      • cmd.exe (PID: 12920)
      • cmd.exe (PID: 12896)
      • cmd.exe (PID: 12972)
      • cmd.exe (PID: 13000)
      • cmd.exe (PID: 13924)
      • cmd.exe (PID: 12836)
    • Starts CMD.EXE for commands execution

      • ADZP 20 Complex.exe (PID: 2960)
      • cmd.exe (PID: 2732)
      • ADZP 20 Complex.exe (PID: 2032)
      • ADZP 20 Complex.exe (PID: 2340)
      • cmd.exe (PID: 3272)
      • ADZP 20 Complex.exe (PID: 1912)
      • cmd.exe (PID: 3296)
      • cmd.exe (PID: 3584)
      • ADZP 20 Complex.exe (PID: 4620)
      • ADZP 20 Complex.exe (PID: 2956)
      • ADZP 20 Complex.exe (PID: 5964)
      • ADZP 20 Complex.exe (PID: 5168)
      • ADZP 20 Complex.exe (PID: 4288)
      • ADZP 20 Complex.exe (PID: 4652)
      • cmd.exe (PID: 6100)
      • cmd.exe (PID: 6116)
      • cmd.exe (PID: 5416)
      • cmd.exe (PID: 4604)
      • cmd.exe (PID: 4180)
      • cmd.exe (PID: 4448)
      • ADZP 20 Complex.exe (PID: 5716)
      • ADZP 20 Complex.exe (PID: 4380)
      • cmd.exe (PID: 4660)
      • cmd.exe (PID: 956)
      • cmd.exe (PID: 5220)
      • ADZP 20 Complex.exe (PID: 4832)
      • ADZP 20 Complex.exe (PID: 6984)
      • cmd.exe (PID: 10540)
      • ADZP 20 Complex.exe (PID: 3016)
      • ADZP 20 Complex.exe (PID: 2004)
      • cmd.exe (PID: 6172)
      • ADZP 20 Complex.exe (PID: 4020)
      • ADZP 20 Complex.exe (PID: 7192)
      • cmd.exe (PID: 7080)
      • ADZP 20 Complex.exe (PID: 328)
      • cmd.exe (PID: 6400)
      • ADZP 20 Complex.exe (PID: 2520)
      • cmd.exe (PID: 7840)
      • ADZP 20 Complex.exe (PID: 3088)
      • ADZP 20 Complex.exe (PID: 7044)
      • ADZP 20 Complex.exe (PID: 6932)
      • cmd.exe (PID: 6720)
      • cmd.exe (PID: 6672)
      • cmd.exe (PID: 3640)
      • ADZP 20 Complex.exe (PID: 7424)
      • cmd.exe (PID: 7772)
      • ADZP 20 Complex.exe (PID: 5016)
      • ADZP 20 Complex.exe (PID: 8184)
      • ADZP 20 Complex.exe (PID: 2988)
      • ADZP 20 Complex.exe (PID: 7008)
      • ADZP 20 Complex.exe (PID: 7128)
      • cmd.exe (PID: 6864)
      • ADZP 20 Complex.exe (PID: 8280)
      • cmd.exe (PID: 11932)
      • ADZP 20 Complex.exe (PID: 844)
      • ADZP 20 Complex.exe (PID: 9916)
      • cmd.exe (PID: 10376)
      • ADZP 20 Complex.exe (PID: 10140)
      • cmd.exe (PID: 6256)
      • cmd.exe (PID: 4192)
      • cmd.exe (PID: 8008)
      • ADZP 20 Complex.exe (PID: 10032)
      • ADZP 20 Complex.exe (PID: 9836)
      • ADZP 20 Complex.exe (PID: 9964)
      • cmd.exe (PID: 8180)
      • ADZP 20 Complex.exe (PID: 8420)
      • cmd.exe (PID: 11580)
      • ADZP 20 Complex.exe (PID: 10136)
      • cmd.exe (PID: 7152)
      • cmd.exe (PID: 7880)
      • ADZP 20 Complex.exe (PID: 8864)
      • ADZP 20 Complex.exe (PID: 9460)
      • cmd.exe (PID: 10252)
      • ADZP 20 Complex.exe (PID: 10012)
      • cmd.exe (PID: 7956)
      • ADZP 20 Complex.exe (PID: 752)
      • ADZP 20 Complex.exe (PID: 10100)
      • cmd.exe (PID: 7780)
      • ADZP 20 Complex.exe (PID: 9276)
      • cmd.exe (PID: 6324)
      • cmd.exe (PID: 6852)
      • ADZP 20 Complex.exe (PID: 8684)
      • cmd.exe (PID: 10128)
      • cmd.exe (PID: 12704)
      • cmd.exe (PID: 14068)
      • ADZP 20 Complex.exe (PID: 9824)
      • ADZP 20 Complex.exe (PID: 9652)
      • ADZP 20 Complex.exe (PID: 10024)
      • ADZP 20 Complex.exe (PID: 9036)
      • ADZP 20 Complex.exe (PID: 9488)
      • ADZP 20 Complex.exe (PID: 10208)
      • ADZP 20 Complex.exe (PID: 9408)
      • ADZP 20 Complex.exe (PID: 9180)
      • ADZP 20 Complex.exe (PID: 2996)
      • cmd.exe (PID: 13144)
      • cmd.exe (PID: 14184)
      • cmd.exe (PID: 12760)
      • cmd.exe (PID: 13804)
      • cmd.exe (PID: 13240)
      • cmd.exe (PID: 13224)
      • cmd.exe (PID: 12772)
      • ADZP 20 Complex.exe (PID: 10524)
      • ADZP 20 Complex.exe (PID: 11248)
      • ADZP 20 Complex.exe (PID: 10824)
      • ADZP 20 Complex.exe (PID: 12136)
      • ADZP 20 Complex.exe (PID: 10428)
      • cmd.exe (PID: 13444)
      • cmd.exe (PID: 13276)
      • cmd.exe (PID: 13440)
      • cmd.exe (PID: 3264)
      • cmd.exe (PID: 9800)
      • cmd.exe (PID: 13452)
      • cmd.exe (PID: 11168)
      • cmd.exe (PID: 12920)
      • cmd.exe (PID: 12852)
      • cmd.exe (PID: 12896)
      • cmd.exe (PID: 13000)
      • ADZP 20 Complex.exe (PID: 11220)
      • cmd.exe (PID: 12972)
      • ADZP 20 Complex.exe (PID: 11784)
      • cmd.exe (PID: 13924)
      • cmd.exe (PID: 12836)
    • Process uses IPCONFIG to discard the IP address configuration

      • cmd.exe (PID: 2732)
      • cmd.exe (PID: 3272)
      • cmd.exe (PID: 3296)
      • cmd.exe (PID: 3584)
      • cmd.exe (PID: 6100)
      • cmd.exe (PID: 6116)
      • cmd.exe (PID: 5416)
      • cmd.exe (PID: 4180)
      • cmd.exe (PID: 4604)
      • cmd.exe (PID: 4448)
      • cmd.exe (PID: 4660)
      • cmd.exe (PID: 956)
      • cmd.exe (PID: 5220)
      • cmd.exe (PID: 6172)
      • cmd.exe (PID: 7080)
      • cmd.exe (PID: 10540)
      • cmd.exe (PID: 7840)
      • cmd.exe (PID: 6672)
      • cmd.exe (PID: 6400)
      • cmd.exe (PID: 7772)
      • cmd.exe (PID: 3640)
      • cmd.exe (PID: 6720)
      • cmd.exe (PID: 6864)
      • cmd.exe (PID: 6256)
      • cmd.exe (PID: 10376)
    • Uses ICACLS.EXE to modify access control lists

      • cmd.exe (PID: 1176)
      • cmd.exe (PID: 2464)
      • cmd.exe (PID: 3492)
      • cmd.exe (PID: 1956)
      • cmd.exe (PID: 7860)
      • cmd.exe (PID: 6416)
      • cmd.exe (PID: 6384)
      • cmd.exe (PID: 7268)
      • cmd.exe (PID: 5836)
      • cmd.exe (PID: 7532)
      • cmd.exe (PID: 6372)
      • cmd.exe (PID: 6188)
      • cmd.exe (PID: 7996)
      • cmd.exe (PID: 3584)
      • cmd.exe (PID: 2732)
      • cmd.exe (PID: 3296)
      • cmd.exe (PID: 3272)
    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 2732)
      • cmd.exe (PID: 3296)
      • cmd.exe (PID: 3272)
      • cmd.exe (PID: 3584)
      • cmd.exe (PID: 6100)
      • cmd.exe (PID: 5416)
      • cmd.exe (PID: 6116)
      • cmd.exe (PID: 4180)
      • cmd.exe (PID: 4448)
      • cmd.exe (PID: 4604)
      • cmd.exe (PID: 4660)
      • cmd.exe (PID: 956)
      • cmd.exe (PID: 5220)
      • cmd.exe (PID: 7080)
      • cmd.exe (PID: 6172)
      • cmd.exe (PID: 10540)
      • cmd.exe (PID: 7840)
      • cmd.exe (PID: 6400)
      • cmd.exe (PID: 7772)
      • cmd.exe (PID: 6672)
      • cmd.exe (PID: 3640)
      • cmd.exe (PID: 6720)
    • Uses ATTRIB.EXE to modify file attributes

      • cmd.exe (PID: 2732)
      • cmd.exe (PID: 3296)
      • cmd.exe (PID: 3584)
      • cmd.exe (PID: 3272)
      • cmd.exe (PID: 6100)
      • cmd.exe (PID: 4180)
      • cmd.exe (PID: 5416)
      • cmd.exe (PID: 6116)
      • cmd.exe (PID: 4448)
      • cmd.exe (PID: 4660)
      • cmd.exe (PID: 4604)
      • cmd.exe (PID: 956)
      • cmd.exe (PID: 5220)
    • Application launched itself

      • cmd.exe (PID: 2732)
      • cmd.exe (PID: 3272)
      • cmd.exe (PID: 3296)
      • cmd.exe (PID: 3584)
      • cmd.exe (PID: 6100)
      • cmd.exe (PID: 6116)
      • cmd.exe (PID: 5416)
      • cmd.exe (PID: 4604)
      • cmd.exe (PID: 4180)
      • cmd.exe (PID: 4448)
      • cmd.exe (PID: 4660)
      • cmd.exe (PID: 956)
      • cmd.exe (PID: 5220)
      • cmd.exe (PID: 10540)
      • cmd.exe (PID: 6172)
      • cmd.exe (PID: 7080)
      • cmd.exe (PID: 6400)
      • cmd.exe (PID: 7772)
      • cmd.exe (PID: 7840)
      • cmd.exe (PID: 6720)
      • cmd.exe (PID: 6672)
      • cmd.exe (PID: 3640)
      • cmd.exe (PID: 6864)
      • cmd.exe (PID: 11932)
      • cmd.exe (PID: 10376)
      • cmd.exe (PID: 6256)
      • cmd.exe (PID: 8008)
      • cmd.exe (PID: 4192)
      • cmd.exe (PID: 8180)
      • cmd.exe (PID: 11580)
      • cmd.exe (PID: 10252)
      • cmd.exe (PID: 7152)
      • cmd.exe (PID: 7880)
      • cmd.exe (PID: 7956)
      • cmd.exe (PID: 6324)
      • cmd.exe (PID: 7780)
      • cmd.exe (PID: 14068)
      • cmd.exe (PID: 6852)
      • cmd.exe (PID: 10128)
      • cmd.exe (PID: 12704)
      • cmd.exe (PID: 13144)
      • cmd.exe (PID: 12760)
      • cmd.exe (PID: 13804)
      • cmd.exe (PID: 13240)
      • cmd.exe (PID: 13224)
      • cmd.exe (PID: 12772)
      • cmd.exe (PID: 14184)
      • cmd.exe (PID: 13444)
      • cmd.exe (PID: 13276)
      • cmd.exe (PID: 13440)
      • cmd.exe (PID: 11168)
      • cmd.exe (PID: 9800)
      • cmd.exe (PID: 13452)
      • cmd.exe (PID: 3264)
      • cmd.exe (PID: 12852)
      • cmd.exe (PID: 12920)
      • cmd.exe (PID: 12896)
      • cmd.exe (PID: 12972)
      • cmd.exe (PID: 13000)
      • cmd.exe (PID: 13924)
      • cmd.exe (PID: 12836)
    • Takes ownership (TAKEOWN.EXE)

      • cmd.exe (PID: 1956)
      • cmd.exe (PID: 3492)
      • cmd.exe (PID: 2464)
      • cmd.exe (PID: 1176)
      • cmd.exe (PID: 7860)
      • cmd.exe (PID: 6416)
      • cmd.exe (PID: 5836)
      • cmd.exe (PID: 7532)
      • cmd.exe (PID: 6372)
      • cmd.exe (PID: 6188)
      • cmd.exe (PID: 7996)
      • cmd.exe (PID: 6384)
      • cmd.exe (PID: 7268)
    • The process checks if it is being run in the virtual environment

      • icacls.exe (PID: 2212)
      • icacls.exe (PID: 2220)
      • icacls.exe (PID: 1828)
      • icacls.exe (PID: 2424)
    • Starts application with an unusual extension

      • cmd.exe (PID: 3584)
      • cmd.exe (PID: 2732)
      • cmd.exe (PID: 3296)
      • cmd.exe (PID: 3272)
  • INFO

    • Application launched itself

      • chrome.exe (PID: 2400)
    • Executable content was dropped or overwritten

      • chrome.exe (PID: 2400)
    • The process uses the downloaded file

      • chrome.exe (PID: 3460)
      • cmd.exe (PID: 2732)
    • Create files in a temporary directory

      • ADZP 20 Complex.exe (PID: 2960)
      • ADZP 20 Complex.exe (PID: 2032)
      • ADZP 20 Complex.exe (PID: 1912)
      • ADZP 20 Complex.exe (PID: 2340)
      • ADZP 20 Complex.exe (PID: 5964)
      • ADZP 20 Complex.exe (PID: 4652)
      • ADZP 20 Complex.exe (PID: 5168)
      • ADZP 20 Complex.exe (PID: 2956)
      • ADZP 20 Complex.exe (PID: 4288)
      • ADZP 20 Complex.exe (PID: 4832)
      • ADZP 20 Complex.exe (PID: 4620)
    • Manual execution by a user

      • ADZP 20 Complex.exe (PID: 2960)
    • Checks supported languages

      • ADZP 20 Complex.exe (PID: 2960)
      • ADZP 20 Complex.exe (PID: 2032)
      • ADZP 20 Complex.exe (PID: 2340)
      • ADZP 20 Complex.exe (PID: 1912)
      • ADZP 20 Complex.exe (PID: 4620)
      • ADZP 20 Complex.exe (PID: 4288)
      • ADZP 20 Complex.exe (PID: 5964)
      • ADZP 20 Complex.exe (PID: 4652)
      • ADZP 20 Complex.exe (PID: 5168)
      • ADZP 20 Complex.exe (PID: 2956)
      • ADZP 20 Complex.exe (PID: 5716)
      • ADZP 20 Complex.exe (PID: 4380)
      • ADZP 20 Complex.exe (PID: 4832)
    • The process checks LSA protection

      • netsh.exe (PID: 1276)
      • taskkill.exe (PID: 576)
      • takeown.exe (PID: 2760)
      • explorer.exe (PID: 1232)
      • explorer.exe (PID: 1628)
      • mspaint.exe (PID: 128)
      • mspaint.exe (PID: 3816)
      • mspaint.exe (PID: 3864)
      • netsh.exe (PID: 2148)
      • netsh.exe (PID: 1876)
      • netsh.exe (PID: 2804)
      • taskkill.exe (PID: 780)
      • taskkill.exe (PID: 3284)
      • taskkill.exe (PID: 2056)
      • takeown.exe (PID: 2580)
      • takeown.exe (PID: 2192)
      • explorer.exe (PID: 2768)
      • mspaint.exe (PID: 5860)
      • explorer.exe (PID: 3032)
      • mspaint.exe (PID: 4108)
      • explorer.exe (PID: 4712)
      • mspaint.exe (PID: 4908)
      • explorer.exe (PID: 5960)
      • explorer.exe (PID: 5044)
      • explorer.exe (PID: 5276)
      • mspaint.exe (PID: 4960)
      • mspaint.exe (PID: 5368)
      • explorer.exe (PID: 4692)
      • takeown.exe (PID: 2292)
      • mspaint.exe (PID: 5380)
      • explorer.exe (PID: 5100)
      • mspaint.exe (PID: 4444)
      • explorer.exe (PID: 4372)
      • explorer.exe (PID: 5952)
      • mspaint.exe (PID: 3132)
      • netsh.exe (PID: 5244)
      • netsh.exe (PID: 4424)
      • netsh.exe (PID: 4132)
      • netsh.exe (PID: 4144)
      • netsh.exe (PID: 4460)
      • netsh.exe (PID: 5468)
      • netsh.exe (PID: 4504)
      • netsh.exe (PID: 6076)
      • netsh.exe (PID: 6304)
      • mspaint.exe (PID: 5948)
      • taskkill.exe (PID: 6428)
      • taskkill.exe (PID: 7152)
      • taskkill.exe (PID: 6292)
      • taskkill.exe (PID: 7404)
      • taskkill.exe (PID: 7668)
      • taskkill.exe (PID: 6020)
      • taskkill.exe (PID: 5100)
      • taskkill.exe (PID: 660)
      • taskkill.exe (PID: 6460)
      • takeown.exe (PID: 6488)
      • takeown.exe (PID: 7400)
      • takeown.exe (PID: 7456)
      • takeown.exe (PID: 7136)
      • takeown.exe (PID: 7832)
      • takeown.exe (PID: 7908)
      • takeown.exe (PID: 7064)
      • takeown.exe (PID: 1948)
      • takeown.exe (PID: 7728)
    • The executable file from the user directory is run by the CMD process

      • ADZP 20 Complex.exe (PID: 2032)
      • ADZP 20 Complex.exe (PID: 2340)
      • ADZP 20 Complex.exe (PID: 1912)
      • ADZP 20 Complex.exe (PID: 4288)
      • ADZP 20 Complex.exe (PID: 4620)
      • ADZP 20 Complex.exe (PID: 5168)
      • ADZP 20 Complex.exe (PID: 2956)
      • ADZP 20 Complex.exe (PID: 4652)
      • ADZP 20 Complex.exe (PID: 5964)
      • ADZP 20 Complex.exe (PID: 4380)
      • ADZP 20 Complex.exe (PID: 5716)
      • ADZP 20 Complex.exe (PID: 4832)
      • ADZP 20 Complex.exe (PID: 6984)
      • ADZP 20 Complex.exe (PID: 4020)
      • ADZP 20 Complex.exe (PID: 7192)
      • ADZP 20 Complex.exe (PID: 3016)
      • ADZP 20 Complex.exe (PID: 6932)
      • ADZP 20 Complex.exe (PID: 2004)
      • ADZP 20 Complex.exe (PID: 328)
      • ADZP 20 Complex.exe (PID: 2520)
      • ADZP 20 Complex.exe (PID: 3088)
      • ADZP 20 Complex.exe (PID: 7044)
      • ADZP 20 Complex.exe (PID: 8184)
      • ADZP 20 Complex.exe (PID: 5016)
      • ADZP 20 Complex.exe (PID: 7424)
      • ADZP 20 Complex.exe (PID: 844)
      • ADZP 20 Complex.exe (PID: 2988)
      • ADZP 20 Complex.exe (PID: 9964)
      • ADZP 20 Complex.exe (PID: 9916)
      • ADZP 20 Complex.exe (PID: 10032)
      • ADZP 20 Complex.exe (PID: 10140)
      • ADZP 20 Complex.exe (PID: 9836)
      • ADZP 20 Complex.exe (PID: 10136)
      • ADZP 20 Complex.exe (PID: 8420)
      • ADZP 20 Complex.exe (PID: 7008)
      • ADZP 20 Complex.exe (PID: 7128)
      • ADZP 20 Complex.exe (PID: 8280)
      • ADZP 20 Complex.exe (PID: 8864)
      • ADZP 20 Complex.exe (PID: 9460)
      • ADZP 20 Complex.exe (PID: 10012)
      • ADZP 20 Complex.exe (PID: 10100)
      • ADZP 20 Complex.exe (PID: 752)
      • ADZP 20 Complex.exe (PID: 9276)
      • ADZP 20 Complex.exe (PID: 9652)
      • ADZP 20 Complex.exe (PID: 9824)
      • ADZP 20 Complex.exe (PID: 9488)
      • ADZP 20 Complex.exe (PID: 9036)
      • ADZP 20 Complex.exe (PID: 10208)
      • ADZP 20 Complex.exe (PID: 9180)
      • ADZP 20 Complex.exe (PID: 10024)
      • ADZP 20 Complex.exe (PID: 2996)
      • ADZP 20 Complex.exe (PID: 10524)
      • ADZP 20 Complex.exe (PID: 8684)
      • ADZP 20 Complex.exe (PID: 9408)
      • ADZP 20 Complex.exe (PID: 11248)
      • ADZP 20 Complex.exe (PID: 12136)
      • ADZP 20 Complex.exe (PID: 10824)
      • ADZP 20 Complex.exe (PID: 10428)
      • ADZP 20 Complex.exe (PID: 11784)
      • ADZP 20 Complex.exe (PID: 11220)
      • ADZP 20 Complex.exe (PID: 15056)
      • ADZP 20 Complex.exe (PID: 16012)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 1 138
Monitored processes: 923
Malicious processes: 81
Suspicious processes: 27

Behavior graph

[Behavior graph (image not reproduced). Process nodes shown: chrome.exe, adzp 20 complex.exe, cmd.exe, netsh.exe, reg.exe, wscript.exe, ipconfig.exe, takeown.exe, taskkill.exe, icacls.exe, attrib.exe, msg.exe, notepad.exe, calc.exe, explorer.exe, mspaint.exe]
no specs taskkill.exe no specs ipconfig.exe no specs taskkill.exe no specs takeown.exe no specs takeown.exe no specs takeown.exe no specs takeown.exe no specs takeown.exe no specs takeown.exe no specs icacls.exe no specs icacls.exe no specs icacls.exe no specs icacls.exe no specs icacls.exe no specs icacls.exe no specs takeown.exe no specs takeown.exe no specs takeown.exe no specs icacls.exe no specs icacls.exe no specs icacls.exe no specs adzp 20 complex.exe no specs notepad.exe no specs calc.exe no specs explorer.exe no specs mspaint.exe no specs adzp 20 complex.exe no specs notepad.exe no specs calc.exe no specs explorer.exe no specs mspaint.exe no specs adzp 20 complex.exe no specs notepad.exe no specs calc.exe no specs explorer.exe no specs mspaint.exe no specs adzp 20 complex.exe no specs notepad.exe no specs calc.exe no specs explorer.exe no specs mspaint.exe no specs adzp 20 complex.exe no specs notepad.exe no specs calc.exe no specs explorer.exe no specs mspaint.exe no specs adzp 20 complex.exe no specs adzp 20 complex.exe no specs notepad.exe no specs notepad.exe no specs calc.exe no specs calc.exe no specs explorer.exe no specs explorer.exe no specs mspaint.exe no specs mspaint.exe no specs adzp 20 complex.exe no specs notepad.exe no specs calc.exe no specs explorer.exe no specs mspaint.exe no specs adzp 20 complex.exe no specs notepad.exe no specs adzp 20 complex.exe no specs calc.exe no specs notepad.exe no specs explorer.exe no specs calc.exe no specs mspaint.exe no specs explorer.exe no specs adzp 20 complex.exe no specs mspaint.exe no specs notepad.exe no specs adzp 20 complex.exe no specs calc.exe no specs notepad.exe no specs explorer.exe no specs calc.exe no specs mspaint.exe no specs explorer.exe no specs adzp 20 complex.exe no specs mspaint.exe no specs notepad.exe no specs adzp 20 complex.exe no specs calc.exe no specs notepad.exe no specs explorer.exe no specs calc.exe no specs mspaint.exe no specs explorer.exe no specs adzp 20 complex.exe no 
specs mspaint.exe no specs notepad.exe no specs adzp 20 complex.exe no specs calc.exe no specs notepad.exe no specs adzp 20 complex.exe no specs explorer.exe no specs calc.exe no specs adzp 20 complex.exe no specs notepad.exe no specs mspaint.exe no specs explorer.exe no specs notepad.exe no specs calc.exe no specs calc.exe no specs explorer.exe no specs explorer.exe no specs mspaint.exe no specs mspaint.exe no specs mspaint.exe no specs adzp 20 complex.exe no specs adzp 20 complex.exe no specs adzp 20 complex.exe no specs notepad.exe no specs notepad.exe no specs notepad.exe no specs calc.exe no specs calc.exe no specs calc.exe no specs explorer.exe no specs explorer.exe no specs explorer.exe no specs mspaint.exe no specs mspaint.exe no specs adzp 20 complex.exe no specs adzp 20 complex.exe no specs mspaint.exe no specs notepad.exe no specs notepad.exe no specs adzp 20 complex.exe no specs calc.exe no specs calc.exe no specs notepad.exe no specs explorer.exe no specs explorer.exe no specs calc.exe no specs mspaint.exe no specs mspaint.exe no specs explorer.exe no specs adzp 20 complex.exe no specs mspaint.exe no specs notepad.exe no specs adzp 20 complex.exe no specs calc.exe no specs explorer.exe no specs adzp 20 complex.exe no specs mspaint.exe no specs notepad.exe no specs notepad.exe no specs adzp 20 complex.exe no specs calc.exe no specs calc.exe no specs notepad.exe no specs explorer.exe no specs explorer.exe no specs calc.exe no specs mspaint.exe no specs mspaint.exe no specs explorer.exe no specs adzp 20 complex.exe no specs adzp 20 complex.exe no specs mspaint.exe no specs notepad.exe no specs notepad.exe no specs adzp 20 complex.exe no specs calc.exe no specs calc.exe no specs notepad.exe no specs explorer.exe no specs explorer.exe no specs calc.exe no specs mspaint.exe no specs mspaint.exe no specs explorer.exe no specs adzp 20 complex.exe no specs adzp 20 complex.exe no specs mspaint.exe no specs notepad.exe no specs adzp 20 complex.exe no specs 
notepad.exe no specs calc.exe no specs notepad.exe no specs calc.exe no specs explorer.exe no specs calc.exe no specs explorer.exe no specs mspaint.exe no specs explorer.exe no specs mspaint.exe no specs icacls.exe no specs mspaint.exe no specs adzp 20 complex.exe no specs adzp 20 complex.exe no specs notepad.exe no specs notepad.exe no specs calc.exe no specs calc.exe no specs explorer.exe no specs explorer.exe no specs mspaint.exe no specs mspaint.exe no specs adzp 20 complex.exe no specs attrib.exe no specs adzp 20 complex.exe no specs notepad.exe no specs notepad.exe no specs calc.exe no specs calc.exe no specs explorer.exe no specs explorer.exe no specs mspaint.exe no specs mspaint.exe no specs adzp 20 complex.exe no specs adzp 20 complex.exe no specs notepad.exe no specs notepad.exe no specs calc.exe no specs calc.exe no specs adzp 20 complex.exe no specs explorer.exe no specs explorer.exe no specs notepad.exe no specs mspaint.exe no specs mspaint.exe no specs calc.exe no specs icacls.exe no specs adzp 20 complex.exe no specs explorer.exe no specs notepad.exe no specs mspaint.exe no specs calc.exe no specs adzp 20 complex.exe no specs explorer.exe no specs notepad.exe no specs mspaint.exe no specs calc.exe no specs attrib.exe no specs adzp 20 complex.exe no specs explorer.exe no specs notepad.exe no specs mspaint.exe no specs calc.exe no specs adzp 20 complex.exe no specs explorer.exe no specs notepad.exe no specs mspaint.exe no specs calc.exe no specs icacls.exe no specs explorer.exe no specs mspaint.exe no specs adzp 20 complex.exe no specs notepad.exe no specs calc.exe no specs explorer.exe no specs attrib.exe no specs mspaint.exe no specs adzp 20 complex.exe no specs notepad.exe no specs calc.exe no specs explorer.exe no specs mspaint.exe no specs adzp 20 complex.exe no specs notepad.exe no specs calc.exe no specs explorer.exe no specs mspaint.exe no specs icacls.exe no specs attrib.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe 
no specs netsh.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs cmd.exe no specs format.com no specs attrib.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs netsh.exe no specs netsh.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs attrib.exe no specs cmd.exe no specs cmd.exe no specs attrib.exe no specs cmd.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs attrib.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs format.com no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs cmd.exe no specs netsh.exe no specs takeown.exe no specs netsh.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs netsh.exe no specs format.com no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs cmd.exe no specs attrib.exe no specs cmd.exe no specs netsh.exe no specs netsh.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs format.com no specs takeown.exe no specs wscript.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs icacls.exe no specs cmd.exe no specs cmd.exe no specs format.com no specs cmd.exe no specs wscript.exe no specs netsh.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs wscript.exe no specs netsh.exe no specs cmd.exe no specs cmd.exe no specs wscript.exe no specs netsh.exe no specs takeown.exe no specs format.com no specs cmd.exe no specs cmd.exe no specs icacls.exe no specs netsh.exe no specs netsh.exe no specs cmd.exe no specs format.com no specs attrib.exe no specs attrib.exe no specs cmd.exe no specs cmd.exe 
no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs wscript.exe no specs cmd.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs format.com no specs attrib.exe no specs cmd.exe no specs netsh.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs format.com no specs icacls.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs takeown.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs wscript.exe no specs format.com no specs cmd.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs format.com no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs reg.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs netsh.exe no specs netsh.exe no specs cmd.exe no specs netsh.exe no specs netsh.exe no specs wscript.exe no specs cmd.exe no specs format.com no specs cmd.exe no specs netsh.exe no specs wscript.exe no specs icacls.exe no specs reg.exe no specs wscript.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs reg.exe no specs format.com no specs wscript.exe no specs cmd.exe no specs wscript.exe no specs reg.exe no specs wscript.exe no specs format.com no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs reg.exe no specs wscript.exe no specs reg.exe no specs reg.exe no specs cmd.exe no specs cmd.exe no specs wscript.exe no 
specs reg.exe no specs reg.exe no specs cmd.exe no specs format.com no specs cmd.exe no specs cmd.exe no specs netsh.exe no specs reg.exe no specs reg.exe no specs netsh.exe no specs format.com no specs reg.exe no specs wscript.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs wscript.exe no specs reg.exe no specs wscript.exe no specs format.com no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs cmd.exe no specs ipconfig.exe no specs ipconfig.exe no specs ipconfig.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs wscript.exe no specs reg.exe no specs wscript.exe no specs reg.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs format.com no specs ipconfig.exe no specs reg.exe no specs format.com no specs ipconfig.exe no specs ipconfig.exe no specs reg.exe no specs format.com no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs taskkill.exe no specs wscript.exe no specs reg.exe no specs taskkill.exe no specs wscript.exe no specs taskkill.exe no specs cmd.exe no specs reg.exe no specs wscript.exe no specs wscript.exe no specs cmd.exe no specs wscript.exe no specs cmd.exe no specs ipconfig.exe no specs wscript.exe no specs reg.exe no specs ipconfig.exe no specs reg.exe no specs reg.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs format.com no specs cmd.exe no specs reg.exe no specs reg.exe no specs wscript.exe no specs reg.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs reg.exe no specs taskkill.exe no specs wscript.exe no specs ipconfig.exe no specs format.com no specs taskkill.exe no specs taskkill.exe no specs takeown.exe no specs ipconfig.exe no specs wscript.exe no specs format.com no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs ipconfig.exe no specs reg.exe no specs format.com no specs reg.exe no specs reg.exe no specs 
reg.exe no specs wscript.exe no specs ipconfig.exe no specs wscript.exe no specs wscript.exe no specs taskkill.exe no specs wscript.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs reg.exe no specs taskkill.exe no specs wscript.exe no specs adzp 20 complex.exe no specs cmd.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs notepad.exe no specs reg.exe no specs reg.exe no specs calc.exe no specs attrib.exe no specs explorer.exe no specs taskkill.exe no specs wscript.exe no specs mspaint.exe no specs wscript.exe no specs wscript.exe no specs wscript.exe no specs format.com no specs adzp 20 complex.exe no specs wscript.exe no specs wscript.exe no specs notepad.exe no specs wscript.exe no specs icacls.exe no specs calc.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID:
120
CMD:
"C:\Windows\System32\WScript.exe" "C:\Users\admin\Downloads\ErrorCritico.vbs"
Path:
C:\Windows\System32\wscript.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft ® Windows Based Script Host
Exit code:
0
Version:
5.8.7600.16385
Modules
Images
c:\windows\system32\wscript.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\user32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\lpk.dll
PID:
124
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1052,7861834959313788946,1961546794594840969,131072 --enable-features=PasswordImport --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2128 /prefetch:1
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
PID:
128
CMD:
mspaint.exe
Path:
C:\Windows\System32\mspaint.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Paint
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mspaint.exe
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID:
328
CMD:
"C:\Users\admin\Downloads\ADZP 20 Complex.exe"
Path:
C:\Users\admin\Downloads\ADZP 20 Complex.exe
Parent process:
cmd.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
PID:
576
CMD:
taskkill /im DiskPart /f
Path:
C:\Windows\System32\taskkill.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Terminates Processes
Exit code:
128
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\lpk.dll
c:\windows\system32\version.dll
PID:
596
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1052,7861834959313788946,1961546794594840969,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2268 /prefetch:1
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
PID:
596
CMD:
msg * Virus Detectado
Path:
C:\Windows\System32\msg.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Message Utility
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winsta.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
596
CMD:
calc
Path:
C:\Windows\System32\calc.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Calculator
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\shell32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\usp10.dll
PID:
660
CMD:
taskkill /im DiskPart /f
Path:
C:\Windows\System32\taskkill.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Terminates Processes
Exit code:
128
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\taskkill.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\gdi32.dll
PID:
672
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1052,7861834959313788946,1961546794594840969,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgACAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1056 /prefetch:2
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
Total events
32 123
Read events
30 795
Write events
1 328
Delete events
0

Modification events

(PID) Process: (2400) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (2400) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation: write
Name: state
Value: 1

(PID) Process: (2400) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation: write
Name: StatusCodes
Value: 01000000

(PID) Process: (2400) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation: write
Name: state
Value: 2

(PID) Process: (2400) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation: write
Name: dr
Value: 1

(PID) Process: (2400) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome
Operation: write
Name: UsageStatsInSample
Value: 0

(PID) Process: (2400) chrome.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation: write
Name: usagestats
Value: 0

(PID) Process: (2400) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation: write
Name: metricsid_installdate
Value: 0

(PID) Process: (2400) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation: write
Name: metricsid_enableddate
Value: 0

(PID) Process: (2400) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value: 1

Executable files
5
Suspicious files
26
Text files
202
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 2400
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-64AC7226-960.pma
Type:
MD5:
SHA256:

PID: 2400
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old
Type: text
MD5: 995C92837E4775CAFFE387D51ADBA520
SHA256: 51247C3464FD988B72670002D01A57FBFF1348704D325DC8FF8817ED2459D0D9

PID: 2400
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old~RF11701c.TMP
Type: text
MD5: B628564B8042F6E2CC2F53710AAECDC0
SHA256: 1D3B022BDEE9F48D79E3EC1E93F519036003642D3D72D10B05CFD47F43EFBF13

PID: 2400
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF116f22.TMP
Type: text
MD5: 64AD8ED3E666540337BA541C549F72F7
SHA256: BECBDB08B5B37D203A85F2E974407334053BB1D2270F0B3C9A4DB963896F2206

PID: 2400
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\f6ed1615-f101-4b16-8db1-95a1725230f1.tmp
Type: binary
MD5: 5058F1AF8388633F609CADB75A75DC9D
SHA256:

PID: 2908
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
Type: binary
MD5: 03C4F648043A88675A920425D824E1B3
SHA256: F91DBB7C64B4582F529C968C480D2DCE1C8727390482F31E4355A27BB3D9B450

PID: 2400
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RF116f22.TMP
Type: text
MD5: 936EB7280DA791E6DD28EF3A9B46D39C
SHA256: CBAF2AFD831B32F6D1C12337EE5D2F090D6AE1F4DCB40B08BEF49BF52AD9721F

PID: 2400
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old
Type: text
MD5: EF1D5606A483BB6C72C81A3F649BEB18
SHA256: BA083E7585ADA9936944FE56BC0141A544F18A01C3424E5C9F02375B34FE3D45

PID: 2400
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version
Type: text
MD5: 00046F773EFDD3C8F8F6D0F87A2B93DC
SHA256: 593EDE11D17AF7F016828068BCA2E93CF240417563FB06DC8A579110AEF81731

PID: 2400
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Type: binary
MD5: 9C016064A1F864C8140915D77CF3389A
SHA256: 0E7265D4A8C16223538EDD8CD620B8820611C74538E420A88E333BE7F62AC787

Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
3
TCP/UDP connections
101
DNS requests
21
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3224
chrome.exe
GET
204
142.250.186.35:80
http://www.gstatic.com/generate_204
US
whitelisted
3224
chrome.exe
GET
204
142.250.186.35:80
http://www.gstatic.com/generate_204
US
whitelisted
3224
chrome.exe
GET
204
142.250.186.35:80
http://www.gstatic.com/generate_204
US
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
1076
svchost.exe
224.0.0.252:5355
unknown
4
System
192.168.100.255:137
whitelisted
2400
chrome.exe
239.255.255.250:1900
whitelisted
1140
svchost.exe
239.255.255.250:1900
whitelisted
3224
chrome.exe
142.250.184.238:443
clients2.google.com
GOOGLE
US
whitelisted
3224
chrome.exe
142.250.186.35:80
www.gstatic.com
GOOGLE
US
whitelisted
3224
chrome.exe
216.58.212.163:443
ssl.gstatic.com
GOOGLE
US
whitelisted
3224
chrome.exe
142.250.185.205:443
accounts.google.com
GOOGLE
US
suspicious
2400
chrome.exe
224.0.0.251:5353
unknown

DNS requests

Domain
IP
Reputation
github.com
  • 140.82.121.4
malicious
accounts.google.com
  • 142.250.185.205
shared
clients2.google.com
  • 142.250.184.238
whitelisted
clients2.googleusercontent.com
  • 142.250.185.161
whitelisted
ssl.gstatic.com
  • 216.58.212.163
whitelisted
www.gstatic.com
  • 142.250.186.35
whitelisted
update.googleapis.com
  • 142.250.181.227
whitelisted
github.githubassets.com
  • 185.199.108.154
  • 185.199.109.154
  • 185.199.110.154
  • 185.199.111.154
whitelisted
avatars.githubusercontent.com
  • 185.199.108.133
  • 185.199.110.133
  • 185.199.109.133
  • 185.199.111.133
whitelisted
github-cloud.s3.amazonaws.com
  • 52.216.60.161
  • 54.231.165.201
  • 52.217.231.161
  • 52.217.104.108
  • 3.5.28.216
  • 52.217.132.249
  • 3.5.27.194
  • 54.231.169.209
shared

Threats

No threats detected
No debug info