0c8c5f08a6c584aaa9d1d329f8cd93d30112a5e124ca778665295672fa9575fd

Analysis

Score

N/A

Adds Run entry to start application 2 TTPs 2 IoCs

Modify Registry

description
\REGISTRY\USER\S-1-5-21-2995773282-378168649-2823822635-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ (CreateKeyEx)
\REGISTRY\USER\S-1-5-21-2995773282-378168649-2823822635-1000\Software\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\""

Suspicious registry modification 1 IoCs

description
\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\System32\Configuration\xVersion = "4.0.0.1"