Whats that kind of shit ?
Matches rule CoViper Malware by Ariel Millahuel at SOC Prime Threat Detection Marketplace
CoViper is a Wiper that appears during the COVID-19 situation
Processes created
C:\Users\user\AppData\Local\Temp\g1405dva.5td\genkeypair.exe
C:\Windows\SysWOW64\cmd.exe cmd.exe" /C "C:\Users\user\AppData\Local\Temp\g1405dva.5td\genkeypair.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Registry keys opened
HKEY_CURRENT_USER\Control Panel\International
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\KnownFolders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Watch out when you downloading from that github , possible Malware !