Threat Feed
partyguest.exe
2026-03-16T17:15:21.776
malicious
Windows Exe (x86-32)
SHA256:
f6b165741640551c60c05e744b4dca4135d38df0a4905eb35caa8283f22e513e
VMRay Threat Identifiers
Severity | Operation
5/5 | Malicious content matched by YARA rules
3/5 | Suspicious content matched by YARA rules
2/5 | Collects hardware properties
2/5 | Hijack installed services
2/5 | Reads network adapter information
2/5 | Queries OS info via WMI
2/5 | Disables a system tool
2/5 | Sets up server that accepts incoming connections
1/5 | Query OS Information
1/5 | Enables process privileges
1/5 | Tries to detect debugger
1/5 | Unusual large memory allocation
1/5 | Modifies application directory
1/5 | Connects to remote host
1/5 | Downloads file
1/5 | Content matched by YARA rules
1/5 | Resolves API functions dynamically
1/5 | Creates an unusually large number of files
1/5 | Drops PE file
1/5 | Loads a dropped DLL
1/5 | Creates a page with write and execute permissions
1/5 | Known RMM tool
1/5 | Executes dropped PE file
1/5 | Timestamp manipulation
1/5 | Drops PE masquerading Filename
1/5 | Performs DNS request
1/5 | Installs system startup script or application
1/5 | Enumerates running processes
1/5 | Installs system service
1/5 | Creates mutex
1/5 | Creates process with hidden window
1/5 | Accesses volumes directly
1/5 | Modifies operating system directory
PUA
Hacktool
NRhAc2VorxiMD0Pq.exe
2026-03-16T17:08:03.355
malicious
Windows Exe (x86-64)
SHA256:
47356e606ab1b9253aade875e46e4331c6f17198b037800cc001343740644497
VMRay Threat Identifiers
Severity | Operation
5/5 | Malicious content matched by YARA rules
4/5 | Malicious content matched by YARA rules
3/5 | Suspicious content matched by YARA rules
2/5 | Creates an unusually large number of processes
1/5 | Creates mutex
1/5 | Executes dropped PE file
1/5 | Modifies operating system directory
1/5 | Creates process with hidden window
1/5 | Drops PE file
PUA
Hacktool
Miner
N0baET1drbjiCMvx.exe
2026-03-16T17:07:33.299
malicious
Windows Exe (x86-32)
SHA256:
7e113ad7d55d8426c5f92fca644c87b3b17f39784f27d4ec4791ab17e5146c30
VMRay Threat Identifiers
Severity | Operation
5/5 | Tries to read cached credentials of various applications
5/5 | Malicious content matched by YARA rules
5/5 | UmbralStealer configuration was extracted
4/5 | Malicious content matched by YARA rules
4/5 | Modifies Windows Defender configuration
4/5 | Blocks network connection to security products
3/5 | Suspicious content matched by YARA rules
3/5 | System Binary Proxy Execution
3/5 | Modifies native system functions
3/5 | Tries to detect the presence of antivirus software
3/5 | Takes screenshot
2/5 | Modifies network configuration
2/5 | Reads network configuration
2/5 | Searches for sensitive browser data
2/5 | Reads network adapter information
2/5 | Collects hardware properties
2/5 | Searches for sensitive application data
2/5 | Creates an unusually large number of processes
2/5 | Sets up server that accepts incoming connections
2/5 | Suspicious content matched by YARA rules
2/5 | Modifies Windows Firewall configuration
2/5 | Schedules task
2/5 | Schedules task via schtasks
1/5 | Accesses volumes directly
1/5 | Modifies operating system directory
1/5 | Enumerates running processes
1/5 | Checks Internet connection
1/5 | Resolves API functions dynamically
1/5 | Creates mutex
1/5 | Enables process privileges
1/5 | Executes WMI query
1/5 | Query OS Information
1/5 | Creates process with hidden window
1/5 | Performs DNS request
1/5 | Connects to remote host
1/5 | Installs system startup script or application
Spyware
Ransomware
csQVJP8Y2iQFXd9M.exe
2026-03-16T17:07:30.063
malicious
Windows Exe (x86-32)
SHA256:
8120db3dd92788fc3a59c44750c23888561d77fbfaf698952d1bee97a55c17db
VMRay Threat Identifiers
Severity | Operation
5/5 | Malicious content matched by YARA rules
2/5 | Deletes file after execution
1/5 | Tries to detect debugger
1/5 | Creates a page with write and execute permissions
1/5 | Possibly does reconnaissance
1/5 | Modifies operating system directory
1/5 | Drops PE file
1/5 | Timestamp manipulation
1/5 | Creates process with hidden window
1/5 | Drops PE masquerading Filename
1/5 | Modifies application directory
7wBIbLIkBeFpIjsu.exe
2026-03-16T17:06:33.362
malicious
Windows Exe (x86-32)
SHA256:
63030d4c38ec3b1db015d3ffea090c59b29e40710b8f7b692894ad3d9e0bbf07
VMRay Threat Identifiers
Severity | Operation
5/5 | Malicious content matched by YARA rules
2/5 | Creates an unusually large number of processes
1/5 | Creates process with hidden window
1/5 | Modifies operating system directory
1/5 | A monitored process crashed
1/5 | Drops PE file
1/5 | Executes dropped PE file
Trojan