Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
32s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
15/03/2024, 17:08
General
-
Target
cbf5bdb17cc3feccd573feab9655a7a5.exe
-
Size
187KB
-
MD5
cbf5bdb17cc3feccd573feab9655a7a5
-
SHA1
4c84a7476992912952ffa3f7438f919e4f8fe90b
-
SHA256
cf2cbad1f955dc1576733d0398c8eb6985d940a53237ba1bb0be1ac1f2ad6281
-
SHA512
20330a3601a979e3bf3d018de38b827f2d868e6c8642042cb875a9a0db39849ac255aa324976d2eebf16f7aedc3b843327f32044e78b265a273eb0862eabba88
-
SSDEEP
768:jeTDbPFalhisURRRVpRdNtAEaTtKmxFeMN1sDKZMbai8PK6LM5vjvVXS0gz41qjJ:jeHbPFcW3AEWgm3j1+uq6BN
Score
10/10
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
-
Executes dropped EXE 32 IoCs
-
Loads dropped DLL 62 IoCs
-
Adds Run key to start application 2 TTPs 3 IoCs
-
Drops autorun.inf file 1 TTPs 4 IoCs
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of SetWindowsHookEx 33 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\cbf5bdb17cc3feccd573feab9655a7a5.exe"C:\Users\Admin\AppData\Local\Temp\cbf5bdb17cc3feccd573feab9655a7a5.exe"1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Users\Admin\AppData\Local\Temp\cbf5bdb17cc3feccd573feab9655a7a52⤵
-
-
C:\ProgramData\application data\Lambda\DirLock.exe"C:\ProgramData\application data\Lambda\DirLock.exe"2⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops autorun.inf file
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\p7xdxj-p4y21j-kqqqio-8oib70-rd2w9h\2.exeC:\Users\Admin\AppData\Local\Temp\p7xdxj-p4y21j-kqqqio-8oib70-rd2w9h\2.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\d9jpk9-jzu672-9n0agd-3e3pni-h31qg5\2.exeC:\Users\Admin\AppData\Local\Temp\d9jpk9-jzu672-9n0agd-3e3pni-h31qg5\2.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\wi56x6-x9u4b5-tqb129-hjsw1k-bg61yq\2.exeC:\Users\Admin\AppData\Local\Temp\wi56x6-x9u4b5-tqb129-hjsw1k-bg61yq\2.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\5zu5ub-dkuwq3-dgulu3-82m8b8-w1eu0k\2.exeC:\Users\Admin\AppData\Local\Temp\5zu5ub-dkuwq3-dgulu3-82m8b8-w1eu0k\2.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\uxtcqh-wi7jff-38i118-svo5aj-nnrjho\2.exeC:\Users\Admin\AppData\Local\Temp\uxtcqh-wi7jff-38i118-svo5aj-nnrjho\2.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\lzqj5p-tefjbg-u54hqf-01rp29-pt8k1l\2.exeC:\Users\Admin\AppData\Local\Temp\lzqj5p-tefjbg-u54hqf-01rp29-pt8k1l\2.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\dp7mbd-g5a2aa-x4g4rt-nmaib3-sn8hdx\2.exeC:\Users\Admin\AppData\Local\Temp\dp7mbd-g5a2aa-x4g4rt-nmaib3-sn8hdx\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\cdgmyp-v1z705-61jq9u-drv7wn-2e0b5y\2.exeC:\Users\Admin\AppData\Local\Temp\cdgmyp-v1z705-61jq9u-drv7wn-2e0b5y\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\urdv0m-7gbwu9-pa67mq-q0v50q-wwidck\2.exeC:\Users\Admin\AppData\Local\Temp\urdv0m-7gbwu9-pa67mq-q0v50q-wwidck\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\r8c8we-bql28u-nlturh-v5tloa-v2u9sa\2.exeC:\Users\Admin\AppData\Local\Temp\r8c8we-bql28u-nlturh-v5tloa-v2u9sa\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\u31jsu-i1u4h6-1qdpjn-3brw7l-a13dte\2.exeC:\Users\Admin\AppData\Local\Temp\u31jsu-i1u4h6-1qdpjn-3brw7l-a13dte\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hs48uj-bk7n0p-o94ouc-73zzmt-7uox0t\2.exeC:\Users\Admin\AppData\Local\Temp\hs48uj-bk7n0p-o94ouc-73zzmt-7uox0t\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\1awi4w-q3dc38-j0rize-wv09j2-3f00fu\2.exeC:\Users\Admin\AppData\Local\Temp\1awi4w-q3dc38-j0rize-wv09j2-3f00fu\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\55odu7-0sg0bb-eb2bfx-7er614-905eq3\2.exeC:\Users\Admin\AppData\Local\Temp\55odu7-0sg0bb-eb2bfx-7er614-905eq3\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\q6896f-ftedgp-alhrmv-nafsgi-53a48z\2.exeC:\Users\Admin\AppData\Local\Temp\q6896f-ftedgp-alhrmv-nafsgi-53a48z\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\ic0gyh-o7noab-c04j9m-xjcdl2-9dl44q\2.exeC:\Users\Admin\AppData\Local\Temp\ic0gyh-o7noab-c04j9m-xjcdl2-9dl44q\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\0w3a2q-qeynl0-vfwmnu-9yiwrg-sm2htx\2.exeC:\Users\Admin\AppData\Local\Temp\0w3a2q-qeynl0-vfwmnu-9yiwrg-sm2htx\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\l8kvb6-syvcyz-il1g7a-cd4vef-p21w82\2.exeC:\Users\Admin\AppData\Local\Temp\l8kvb6-syvcyz-il1g7a-cd4vef-p21w82\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\mhne1f-n8dcge-t3zks8-8ha46t-2fp930\2.exeC:\Users\Admin\AppData\Local\Temp\mhne1f-n8dcge-t3zks8-8ha46t-2fp930\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\m5qgzn-upq7vf-umqwzg-p8ikgk-d6a55w\2.exeC:\Users\Admin\AppData\Local\Temp\m5qgzn-upq7vf-umqwzg-p8ikgk-d6a55w\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\r7w48g-ttacxe-0jltj7-zlx8d8-tc0nke\2.exeC:\Users\Admin\AppData\Local\Temp\r7w48g-ttacxe-0jltj7-zlx8d8-tc0nke\2.exe3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\3m8t3j-lg25u1-m7s380-jo8004-7gpuzf\2.exeC:\Users\Admin\AppData\Local\Temp\3m8t3j-lg25u1-m7s380-jo8004-7gpuzf\2.exe3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ec6xnk-gs9emh-yrfg30-xog470-ta8so4\2.exeC:\Users\Admin\AppData\Local\Temp\ec6xnk-gs9emh-yrfg30-xog470-ta8so4\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hlmi7e-aocetl-c9plij-jz124c-8n77en\2.exeC:\Users\Admin\AppData\Local\Temp\hlmi7e-aocetl-c9plij-jz124c-8n77en\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\iy5glt-vn2hfg-dhxt6y-e8mrlx-k39zxr\2.exeC:\Users\Admin\AppData\Local\Temp\iy5glt-vn2hfg-dhxt6y-e8mrlx-k39zxr\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\54b89c-pnk1ls-1hst5g-92sk18-9yt959\2.exeC:\Users\Admin\AppData\Local\Temp\54b89c-pnk1ls-1hst5g-92sk18-9yt959\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\4rn0ky-rpfl9b-bdz6ar-mdjokg-t3u669\2.exeC:\Users\Admin\AppData\Local\Temp\4rn0ky-rpfl9b-bdz6ar-mdjokg-t3u669\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\ppkfny-khnuu4-x6kvnr-fzf6f8-gq54t7\2.exeC:\Users\Admin\AppData\Local\Temp\ppkfny-khnuu4-x6kvnr-fzf6f8-gq54t7\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\d27oa3-2vojae-vs2o6l-8nbgq8-f7b7m1\2.exeC:\Users\Admin\AppData\Local\Temp\d27oa3-2vojae-vs2o6l-8nbgq8-f7b7m1\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\ars5uw-5dktb0-tcdf0d-c0wz2t-ela7qs\2.exeC:\Users\Admin\AppData\Local\Temp\ars5uw-5dktb0-tcdf0d-c0wz2t-ela7qs\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\ivziz9-7i5m9k-2a81fp-pebdu2-xt0d1u\2.exeC:\Users\Admin\AppData\Local\Temp\ivziz9-7i5m9k-2a81fp-pebdu2-xt0d1u\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\d5hiio-j03qui-7tkltu-1qzqp0-4616oy\2.exeC:\Users\Admin\AppData\Local\Temp\d5hiio-j03qui-7tkltu-1qzqp0-4616oy\2.exe3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\an8wbr-0429u1-5508ww-jpmi0i-2d631z\2.exeC:\Users\Admin\AppData\Local\Temp\an8wbr-0429u1-5508ww-jpmi0i-2d631z\2.exe3⤵
-
-
-
C:\Windows\lsass.exeC:\Windows\lsass.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\477x4h-438m8h-0p09pl-nnsvey-6ccfge\2.exeC:\Users\Admin\AppData\Local\Temp\477x4h-438m8h-0p09pl-nnsvey-6ccfge\2.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\fznhp9-mpyzc2-bd43lc-647hsi-jt5im5\2.exeC:\Users\Admin\AppData\Local\Temp\fznhp9-mpyzc2-bd43lc-647hsi-jt5im5\2.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\rsl1vp-sjaz9p-o0qw1s-dt7r04-7qmwwa\2.exeC:\Users\Admin\AppData\Local\Temp\rsl1vp-sjaz9p-o0qw1s-dt7r04-7qmwwa\2.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\vnibuu-37i2qm-33iqun-yqaebr-mo3003\2.exeC:\Users\Admin\AppData\Local\Temp\vnibuu-37i2qm-33iqun-yqaebr-mo3003\2.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\aan227-cv19r5-jlcqdy-89ium9-30l9te\2.exeC:\Users\Admin\AppData\Local\Temp\aan227-cv19r5-jlcqdy-89ium9-30l9te\2.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\5zi659-7fln46-perplp-fwl25y-kxj16t\2.exeC:\Users\Admin\AppData\Local\Temp\5zi659-7fln46-perplp-fwl25y-kxj16t\2.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\o6dp37-8uxa5n-juhtec-qksa05-f7ye9g\2.exeC:\Users\Admin\AppData\Local\Temp\o6dp37-8uxa5n-juhtec-qksa05-f7ye9g\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\x64qc3-av1r6q-spw2x8-tgl0b7-zb88n1\2.exeC:\Users\Admin\AppData\Local\Temp\x64qc3-av1r6q-spw2x8-tgl0b7-zb88n1\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\yf4pco-iycio4-utla7s-2dl14k-2alq8k\2.exeC:\Users\Admin\AppData\Local\Temp\yf4pco-iycio4-utla7s-2dl14k-2alq8k\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\aat56z-y8lqvb-hx5bws-jijilq-q8u07j\2.exeC:\Users\Admin\AppData\Local\Temp\aat56z-y8lqvb-hx5bws-jijilq-q8u07j\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\bnglmj-6fj0tp-j4g1nb-1xbcet-2o1ats\2.exeC:\Users\Admin\AppData\Local\Temp\bnglmj-6fj0tp-j4g1nb-1xbcet-2o1ats\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\aqz1zr-zigwy3-tgv1u9-5a3tex-dv3kap\2.exeC:\Users\Admin\AppData\Local\Temp\aqz1zr-zigwy3-tgv1u9-5a3tex-dv3kap\2.exe3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\3gcn7g-y33aol-cmqls7-5pfgfe-7ato3c\2.exeC:\Users\Admin\AppData\Local\Temp\3gcn7g-y33aol-cmqls7-5pfgfe-7ato3c\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\j7rygl-8uw2pw-3mzgw1-gbxhqo-y4sth6\2.exeC:\Users\Admin\AppData\Local\Temp\j7rygl-8uw2pw-3mzgw1-gbxhqo-y4sth6\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\9v7o1x-fqtwdr-3jarc3-n1jkoj-0wrc87\2.exeC:\Users\Admin\AppData\Local\Temp\9v7o1x-fqtwdr-3jarc3-n1jkoj-0wrc87\2.exe3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\z0m573-pigiqd-ujehs8-821rwu-sqkcyb\2.exeC:\Users\Admin\AppData\Local\Temp\z0m573-pigiqd-ujehs8-821rwu-sqkcyb\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\383r63-aye8sw-0lkc27-udnr8d-72ls2z\2.exeC:\Users\Admin\AppData\Local\Temp\383r63-aye8sw-0lkc27-udnr8d-72ls2z\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\gkr5ke-hag3zd-n63cb7-2kevps-whs0mz\2.exeC:\Users\Admin\AppData\Local\Temp\gkr5ke-hag3zd-n63cb7-2kevps-whs0mz\2.exe3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\6svufn-ecvlbf-e9v9ff-9vnxwk-xtgjlw\2.exeC:\Users\Admin\AppData\Local\Temp\6svufn-ecvlbf-e9v9ff-9vnxwk-xtgjlw\2.exe3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\m0d38v-omrawu-uc2sin-tde7co-o5hmjt\2.exeC:\Users\Admin\AppData\Local\Temp\m0d38v-omrawu-uc2sin-tde7co-o5hmjt\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\gf6ugc-y9157t-z0q3ls-wh70dw-k9ovc8\2.exeC:\Users\Admin\AppData\Local\Temp\gf6ugc-y9157t-z0q3ls-wh70dw-k9ovc8\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\nt0pj3-p926i1-7898zj-759x4j-2r1klo\2.exeC:\Users\Admin\AppData\Local\Temp\nt0pj3-p926i1-7898zj-759x4j-2r1klo\2.exe3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\bop9qd-4rf5dk-6ctc1i-d24unb-2payxm\2.exeC:\Users\Admin\AppData\Local\Temp\bop9qd-4rf5dk-6ctc1i-d24unb-2payxm\2.exe3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\n92486-0y051t-isvgta-jjke79-pe7nj3\2.exeC:\Users\Admin\AppData\Local\Temp\n92486-0y051t-isvgta-jjke79-pe7nj3\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\9julin-t12eu3-6wb6dr-dgbxaj-ddbmej\2.exeC:\Users\Admin\AppData\Local\Temp\9julin-t12eu3-6wb6dr-dgbxaj-ddbmej\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\ly67nm-9wytcy-skiddf-3k2wn4-aadd9x\2.exeC:\Users\Admin\AppData\Local\Temp\ly67nm-9wytcy-skiddf-3k2wn4-aadd9x\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\pr5ctq-kj9q0w-x86ruj-f112l0-gsq000\2.exeC:\Users\Admin\AppData\Local\Temp\pr5ctq-kj9q0w-x86ruj-f112l0-gsq000\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\bi1nse-0aiirp-u8xnov-626f7j-en664b\2.exeC:\Users\Admin\AppData\Local\Temp\bi1nse-0aiirp-u8xnov-626f7j-en664b\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\1mpzq6-x8hn7a-l798wn-4vttx3-5g70m2\2.exeC:\Users\Admin\AppData\Local\Temp\1mpzq6-x8hn7a-l798wn-4vttx3-5g70m2\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\g278jg-5qddsr-0hgrzw-nlk3da-v083k1\2.exeC:\Users\Admin\AppData\Local\Temp\g278jg-5qddsr-0hgrzw-nlk3da-v083k1\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\vzwgyg-1ujoaa-qn0j9l-kkeo5s-m0h54p\2.exeC:\Users\Admin\AppData\Local\Temp\vzwgyg-1ujoaa-qn0j9l-kkeo5s-m0h54p\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\7jjtsg-x1e6cq-22c5ek-glygi6-z9i0jn\2.exeC:\Users\Admin\AppData\Local\Temp\7jjtsg-x1e6cq-22c5ek-glygi6-z9i0jn\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\n90sm5-uzc98y-jnhdi9-eelsoe-r3iti1\2.exeC:\Users\Admin\AppData\Local\Temp\n90sm5-uzc98y-jnhdi9-eelsoe-r3iti1\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\3zjqa2-4q8oo1-alvw0v-yecrz7-ixklbn\2.exeC:\Users\Admin\AppData\Local\Temp\3zjqa2-4q8oo1-alvw0v-yecrz7-ixklbn\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\nj2tnb-v32kk3-v039o3-qmvw57-ekniuk\2.exeC:\Users\Admin\AppData\Local\Temp\nj2tnb-v32kk3-v039o3-qmvw57-ekniuk\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\5zst4z-6l61sy-dbhier-cdtx8s-74wcfx\2.exeC:\Users\Admin\AppData\Local\Temp\5zst4z-6l61sy-dbhier-cdtx8s-74wcfx\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\nfmbin-58hm94-6z6ko3-2gnhf7-r94cej\2.exeC:\Users\Admin\AppData\Local\Temp\nfmbin-58hm94-6z6ko3-2gnhf7-r94cej\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\ujshtl-7e19d8-ey1z91-ev2oe1-ahucv5\2.exeC:\Users\Admin\AppData\Local\Temp\ujshtl-7e19d8-ey1z91-ev2oe1-ahucv5\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
-
-
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
80KB