Analysis
max time kernel: 77s
max time network: 143s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23-11-2022 21:17
Static task: static1
Behavioral task: behavioral1
  Sample: 99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
  Resource: win10v2004-20220812-en
General
Target: 99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
Size: 441KB
MD5: 35bf4ab212827bf252272a2aaf21b3ce
SHA1: 22516dce53c484df6340bc60f09c104f6c1a0a6d
SHA256: 99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23
SHA512: 3fdbe01f01423b54779a3f7aa6a87e6954c50efd5a4e93096365d706f24ed6329b2338c97503d46858d8c6572418cd03d12de6ac3631511f02d3780c25df6d1f
SSDEEP: 6144:WYFLHGeOf1F2idZecnl20lHRxp3gQncduD7yB9VCO6Sco4q8+dE6CqCqds3j:Wg7HOXF3Z4mxxrDqVTVOC3W
Malware Config
Signatures

Drops file in Program Files directory (51 IoCs)
Processes:
  99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
    description | ioc
    File opened for modification | C:\Program Files (x86)\Google\Common\4883
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\tmp901.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\■71755小游戏-最好玩的在线小游戏!2.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\VANCL 凡客诚品 在线销售男装 女装 童装 鞋 配饰 家居2.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\当当网—网上购物中心:图书、母婴、美妆、家居、数码、家电、服装、鞋包等,正品低价,货到付款2.bak
    File created | C:\Program Files\Internet Explorer\MUIE\iexplore.exe
    File opened for modification | C:\Program Files\Internet Explorer\MUIE
    File created | C:\Program Files (x86)\Google\Common\4883\desktop.scf
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\■71755小游戏-最好玩的在线小游戏!.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\淘宝商城-品牌正品 商城保障.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\VANCL 凡客诚品 在线销售男装 女装 童装 鞋 配饰 家居.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\最新电视剧大全2.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\975.tmp
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\■绝色高清电影网.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\■极光网络电视-极速高清网络电视在线观看.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\清纯诱惑美女图2.bak
    File opened for modification | C:\Program Files\Internet Explorer\MUIE\iexplore.exe
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\tmp450.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\tmp828.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\6098.tmp
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\麦考林网上购物,享受网购乐趣,尽在麦网购物商城! 时尚女装 内衣 配饰 化妆品 美容保健 童装母婴 家居用品 男装等购物精品!.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\麦考林网上购物,享受网购乐趣,尽在麦网购物商城! 时尚女装 内衣 配饰 化妆品 美容保健 童装母婴 家居用品 男装等购物精品!2.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\最新电视剧大全.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\一本小说网--免费阅读武侠、言情、网游、玄幻等小说.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\7233.tmp
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\9780.tmp
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\8794.tmp
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\■绝色高清电影网2.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\当当网—网上购物中心:图书、母婴、美妆、家居、数码、家电、服装、鞋包等,正品低价,货到付款.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\中国福利彩票,时时彩、体育彩票投注中心!【彩票大赢家】2.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\1200.tmp
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\1406.tmp
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\tmp983.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\京东商城-中国专业的电脑、手机、数码、家电、日用百货网上购物商城.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\清纯诱惑美女图.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\一本小说网--免费阅读武侠、言情、网游、玄幻等小说2.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\tmp676.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\tmp606.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\淘宝网 - 淘!我喜欢2.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\淘宝商城-品牌正品 商城保障2.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\卓越亚马逊网上购物图书,手机,数码,家电,化妆品,钟表,首饰等在线销售.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\卓越亚马逊网上购物图书,手机,数码,家电,化妆品,钟表,首饰等在线销售2.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\■35dh上网导航-最精彩神秘的网址大全!.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\tmp247.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\tmp364.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\5219.tmp
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\淘宝网 - 淘!我喜欢.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\京东商城-中国专业的电脑、手机、数码、家电、日用百货网上购物商城2.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\■极光网络电视-极速高清网络电视在线观看2.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\■35dh上网导航-最精彩神秘的网址大全!2.bak
    File created | C:\Program Files (x86)\Google\Common\4883\temp2\中国福利彩票,时时彩、体育彩票投注中心!【彩票大赢家】.bak
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Modifies registry class (64 IoCs)
Processes:
  99d5e4822c89b350a81ae389396c76449efeb77ec374f54cd8184ddef877aa23.exe
    description | ioc
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\uh3zfile
    Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\uh3zfile\NeverShowExt
    Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\uh3zfile\DefaultIcon\ = "C:\\Program Files\\Mozilla Firefox\\firefox.exe,0"
    Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ejj0file\ = "????"
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ejj0file\shellex
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ejj0afile\shell
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ejj0afile\shell\open\command
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ejj0afile\shellex\ContextMenuHandlers
    Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\uh3zfile\shellex\ContextMenuHandlers\
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ejj0file\DefaultIcon
    Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ejj0bfile\IsShortcut
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ejj0afile\shellex
    Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\jp6ofile\ = "????"
    Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\uh3zfile\shell\ = "open"
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ejj0file\shell\open\command
    Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ejj0bfile\ = "????"
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.ejj0a
    Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ejj0afile\ = "????"
    Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ejj0afile\IsShortcut
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ejj0file\shellex\ContextMenuHandlers
    Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ejj0afile\shellex\ContextMenuHandlers\
    Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.jp6o\ = "jp6ofile"
    Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\jp6ofile\DefaultIcon\ = "C:\\Program Files\\Mozilla Firefox\\firefox.exe,0"
    Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\uh3zfile\shell\open\command\ = "\"C:\\Program Files (x86)\\Google\\Common\\4883\\vaprcj.exe\" \"%1\""
    Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ejj0file\IsShortcut
    Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.ejj0a\ = "ejj0afile"
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\jp6ofile\shell\open\command
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\jp6ofile\shellex\ContextMenuHandlers
    Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.uh3z\ = "uh3zfile"
    Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ejj0file\shell\ = "open"
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ejj0bfile\shell\open\command
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\jp6ofile\shellex
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.uh3z
    Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\uh3zfile\ = "????"
    Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.ejj0b\ = "ejj0bfile"
    Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ejj0afile\shell\ = "open"
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\jp6ofile\shell\open
    Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\jp6ofile\shellex\ContextMenuHandlers\
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\uh3zfile\shellex\ContextMenuHandlers
    Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ejj0afile\NeverShowExt
    Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ejj0afile\DefaultIcon\ = "%SystemRoot%\\explorer.exe,0"
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\uh3zfile\DefaultIcon
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\uh3zfile\shellex
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ejj0bfile\shellex
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.ejj0
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ejj0file\shell
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ejj0file\shell\open
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.ejj0b
    Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ejj0bfile\DefaultIcon\ = "%SystemRoot%\\explorer.exe,3"
    Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ejj0bfile\NeverShowExt
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ejj0bfile\shellex\ContextMenuHandlers
    Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ejj0bfile\shellex\ContextMenuHandlers\
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\uh3zfile\shell
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\uh3zfile\shell\open\command
    Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ejj0file\DefaultIcon\ = "C:\\Program Files\\Internet Explorer\\iexplore.exe,0"
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ejj0afile\shell\open
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\jp6ofile\DefaultIcon
    Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\jp6ofile\shell\open\command\ = "\"C:\\Program Files (x86)\\Google\\Common\\4883\\vaprcj.exe\" \"%1\""
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ejj0file
    Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\uh3zfile\IsShortcut
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\uh3zfile\shell\open
    Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ejj0bfile\shell\open\command\ = "\"C:\\Program Files (x86)\\Google\\Common\\4883\\vaprcj.exe\" \"%1\""
    Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ejj0afile\shell\open\command\ = "\"C:\\Program Files (x86)\\Google\\Common\\4883\\vaprcj.exe\" \"%1\""
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\jp6ofile\shell
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
memory/4728-132-0x0000000000400000-0x0000000000481000-memory.dmp | Filesize: 516KB
memory/4728-133-0x0000000002280000-0x00000000022D4000-memory.dmp | Filesize: 336KB
memory/4728-134-0x0000000003410000-0x0000000003413000-memory.dmp | Filesize: 12KB
memory/4728-135-0x0000000000400000-0x0000000000481000-memory.dmp | Filesize: 516KB
memory/4728-136-0x0000000002280000-0x00000000022D4000-memory.dmp | Filesize: 336KB