Analysis
-
max time kernel
44s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
25-05-2024 15:58
General
-
Target
4c7adf51d74764fc83d628e9a8cc9c60_NeikiAnalytics.exe
-
Size
1.5MB
-
MD5
4c7adf51d74764fc83d628e9a8cc9c60
-
SHA1
1a304eab976069218440a5aa9d4ec3a3d89638d8
-
SHA256
b24d01edb8b76471a6c715b3a8c76d91a20465cea1c5f3a07d3d47f0ea6ccd90
-
SHA512
b1a41d266c6b685de4b1bd62ff3048c30e9032a65942f4444c9873ba84dc273c447f27a4a5685d29ba345d5346a7fa95e4cad254f7c5ef904f5f4306a0923009
-
SSDEEP
24576:XuhYGACNtzlz116k7GXySXNY/zOQb/WV6VDyXi4M7bxKfeJpfSSj1:XuhplNtzlz1MyS7XNySmOVcDyM5tDN1
Score
10/10
Malware Config
Extracted
Family
sality
C2
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Signatures
-
Modifies firewall policy service 2 TTPs 36 IoCs
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass 3 TTPs 12 IoCs
-
Windows security bypass 2 TTPs 64 IoCs
-
Executes dropped EXE 51 IoCs
-
Loads dropped DLL 64 IoCs
-
UPX packed file 20 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification 2 TTPs 64 IoCs
-
Checks whether UAC is enabled 1 TTPs 12 IoCs
-
Writes to the Master Boot Record (MBR) 1 TTPs 51 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory 2 IoCs
-
Drops file in Windows directory 13 IoCs
-
Modifies Internet Explorer settings 1 TTPs 64 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 27 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 12 IoCs
Processes
-
C:\Windows\system32\taskhost.exe"taskhost.exe"1⤵
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Users\Admin\AppData\Local\Temp\4c7adf51d74764fc83d628e9a8cc9c60_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\4c7adf51d74764fc83d628e9a8cc9c60_NeikiAnalytics.exe"2⤵
- Modifies firewall policy service
- UAC bypass
- Windows security bypass
- Loads dropped DLL
- Windows security modification
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Users\Admin\AppData\Local\Temp\4c7adf51d74764fc83d628e9a8cc9c60_NeikiAnalytics3⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C74⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE4⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C75⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE5⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C76⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE6⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C77⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE7⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C78⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE8⤵
- Modifies firewall policy service
- UAC bypass
- Windows security bypass
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C79⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE9⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C710⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE10⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C711⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE11⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C712⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE12⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C713⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE13⤵
- Modifies firewall policy service
- UAC bypass
- Windows security bypass
- Executes dropped EXE
- Windows security modification
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- System policy modification
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C714⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE14⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C715⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE15⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C716⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE16⤵
- Modifies firewall policy service
- UAC bypass
- Windows security bypass
- Executes dropped EXE
- Windows security modification
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- System policy modification
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C717⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE17⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C718⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE18⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C719⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE19⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C720⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE20⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C721⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE21⤵
- Modifies firewall policy service
- UAC bypass
- Windows security bypass
- Executes dropped EXE
- Windows security modification
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- System policy modification
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C722⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE22⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C723⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE23⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C724⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE24⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C725⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE25⤵
- Modifies firewall policy service
- UAC bypass
- Windows security bypass
- Executes dropped EXE
- Windows security modification
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- System policy modification
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C726⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE26⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C727⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE27⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C728⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE28⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C729⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE29⤵
- Modifies firewall policy service
- UAC bypass
- Windows security bypass
- Executes dropped EXE
- Windows security modification
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- System policy modification
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C730⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE30⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C731⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE31⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C732⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE32⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C733⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE33⤵
- Modifies firewall policy service
- UAC bypass
- Windows security bypass
- Executes dropped EXE
- Windows security modification
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- System policy modification
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C734⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE34⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C735⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE35⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C736⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE36⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C737⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE37⤵
- Modifies firewall policy service
- UAC bypass
- Windows security bypass
- Executes dropped EXE
- Windows security modification
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- System policy modification
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C738⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE38⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C739⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE39⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C740⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE40⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C741⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE41⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C742⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE42⤵
- Modifies firewall policy service
- UAC bypass
- Windows security bypass
- Executes dropped EXE
- Windows security modification
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- System policy modification
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C743⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE43⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C744⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE44⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C745⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE45⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C746⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE46⤵
- Modifies firewall policy service
- UAC bypass
- Windows security bypass
- Executes dropped EXE
- Windows security modification
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- System policy modification
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C747⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE47⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C748⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE48⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C749⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE49⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C750⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE50⤵
- Modifies firewall policy service
- UAC bypass
- Windows security bypass
- Executes dropped EXE
- Windows security modification
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- System policy modification
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C751⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE51⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C752⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE52⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C753⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C754⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE54⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C755⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE55⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C756⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE56⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C757⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE57⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C758⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE58⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C759⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE59⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C760⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE60⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C761⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE61⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C762⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE62⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C763⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE63⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C764⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE64⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C765⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE65⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C766⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE66⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C767⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE67⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C768⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE68⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C769⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE69⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C770⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE70⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C771⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE71⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C772⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE72⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C773⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE73⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C774⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE74⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C775⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE75⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C776⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE76⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C777⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE77⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C778⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE78⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C779⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE79⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C780⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE80⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C781⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE81⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C782⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE82⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C783⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE83⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C784⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE84⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C785⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE85⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C786⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE86⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C787⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE87⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C788⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE88⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C789⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE89⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C790⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE90⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C791⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE91⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C792⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE92⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C793⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE93⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C794⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE94⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C795⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE95⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C796⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE96⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C797⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE97⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C798⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE98⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C799⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE99⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C7100⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE100⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C7101⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE101⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C7102⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE102⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C7103⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE103⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C7104⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE104⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C7105⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE105⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C7106⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE106⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C7107⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE107⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C7108⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE108⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C7109⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE109⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C7110⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE110⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C7111⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE111⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C7112⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE112⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\XP-FEBFA1C7113⤵
-
-
C:\Windows\SysWOW64\XP-FEBFA1C7.EXEC:\Windows\system32\XP-FEBFA1C7.EXE113⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\system32\wbem\WMIADAP.EXEwmiadap.exe /F /T /R1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
212KB
MD5f911da94873ad925eed90a0bab77f45d
SHA1cfca123b79461cfcc8f4cae6a6f296091b93a071
SHA256d58592f0a6f62665276141720ac77282679c24852940de7bab36e7d6436207cc
SHA512fbbb1623f8ac6e06eabc3186893efeed9ba5528eed7d18baa9387a968805f6f13055966016187ecd9dedad5febb0bbd1a75c34c0912700941fea85639d1dde3d
-
Filesize
316KB
MD544812aa049d28bd7f4bded08f73e31fc
SHA1b3efe1a0edfbb52d577adede0a23d02d71e58e20
SHA2563562fd1da6eb3824e3ebbe1489aa75af244ebea4f4e9f1b05904363bcfc500c9
SHA512e74d8bb4a9163dc35fe147de74b13894599fd73a8b8c600c60386533f4f82303fa0763ba583f1af6c64c51e8548c90548673685b03b236878ee9229ad2fdd2c8
-
Filesize
180KB
MD5b708104449b54ae4ad48e20d9ec30f1e
SHA10c33a673b3eb0dacec6209050fef21af92b9aec9
SHA2560acce2b8d7aaa3c9dbbc2db253114ff95192874b810c31055d952842aee00778
SHA512858bbc0aef1145f5ee849731136e6381bb40553e862461f611f745b13bf60989b26034bfe39d982932555a1511aa9984b6b291e707a75f730419eea6c2b742b7
-
Filesize
72KB
MD5a5b8f203a68a30d6cb6e0e837ca77004
SHA118723997edd570e57fa3e15e023e3ba6d2be1fc6
SHA2568a13b2ed2e78f0b4cc19679b59f52689239565d549c14f31cb8a4c7bf685fbe9
SHA51271bad47f840fbf2c99f3e1c006942591c2d1426548ee455bae4c43e14026e9ad290df21d02a5c11e366e0385e97d3b9bcb09411b2da2a34ed0a2801e05779149
-
Filesize
1KB
MD5b360fa63134a63f9acfe046d2dfe10d9
SHA1b47a7f2ad61c79e454b55e39b0d7500aca753a17
SHA25603e0c6c4ca8a24f961477887763397045e67862e059f7494014aefc21891d40e
SHA512575673255d389fc6667f46931301925bf4bb3030d7a3f6da3d3e7d878f86bb496ad6706e20191a1daa2e177cacda9b677424327bd9d438c1ad109c4222064102
-
Filesize
1.5MB
MD54c7adf51d74764fc83d628e9a8cc9c60
SHA11a304eab976069218440a5aa9d4ec3a3d89638d8
SHA256b24d01edb8b76471a6c715b3a8c76d91a20465cea1c5f3a07d3d47f0ea6ccd90
SHA512b1a41d266c6b685de4b1bd62ff3048c30e9032a65942f4444c9873ba84dc273c447f27a4a5685d29ba345d5346a7fa95e4cad254f7c5ef904f5f4306a0923009
-
Filesize
264KB
MD5a6ae923ca3f6044816ae6ed2c5e108f3
SHA11449f215b9965818fd975da9845ef84d0998585a
SHA256da50060ec64d415a5f8dd0061f8539b718dd4f8f8660940f95841eead423809d
SHA5122876db3913a214bb4b713fcd827d391b70bf72f5f17496c4db30d7034a23e8cf5f2377db816988f1d2f8ca613b2fc2c39b7e428cdfdceb415423cfa0e29d2591
-
Filesize
112KB
MD5bbb5c8775c1ca2c1d79fae7df75fa5f2
SHA1e627f11082280f29349c398f5f264381ef33d498
SHA25657305f31becfe48e68c40812fc8333cadb87f3143b891e1052ded260273616a7
SHA512ac434bc36b9fb0a350422281b8cec4f4441b02b4b4eac43b409629621fcc3e115581655368a5d2c2f3ad709fb92621a49265ed5aeeeccb28a57eaf648cdcf0fd
-
Filesize
1.0MB
MD5ae309b98e3398d0b13ad43d40f036667
SHA1df41ac829195c37e39e5a9c47c6397c5cbdc813e
SHA256c932c36aeccd587da231ce4abccab003951d343dd6223ff59cb8c42f589d087f
SHA512eb025c30838712a2f72f3844b0ed0582b7215b767dd2498469401553b5776815ac6102cbb5f1475956f19f0dcec835674ccdd1e1243f3aca5ca60081c11baeb6
-
Filesize
40KB
MD55f21bb8bad3f85c74aeb70a241284f1d
SHA1e01fd86ba70c1b5b316bda17ad814cda8eb40d13
SHA256fc195f4bbc7d74dc24c5829e964e8b03e9a1b3f780989da38e0c89c3c0baa7ef
SHA512624c909b58556feec041ca2bb033eaeb0edcbf2b33298ccdb5388c9b83fb8aa7ff44ceaa774c7cf29a24e8c33d16b55a25c977a7f7c498b4256d2908d6a6d34a
-
Filesize
232KB
-
Filesize
1.1MB
-
Filesize
232KB
-
Filesize
300KB
-
Filesize
68KB
-
Filesize
120KB
-
Filesize
1.1MB
-
Filesize
232KB
-
Filesize
120KB
-
Filesize
68KB
-
Filesize
232KB
-
Filesize
232KB
-
Filesize
232KB
-
Filesize
300KB
-
Filesize
1.1MB
-
Filesize
8KB
-
Filesize
300KB
-
Filesize
1.1MB
-
Filesize
68KB
-
Filesize
232KB
-
Filesize
232KB
-
Filesize
232KB
-
Filesize
120KB
-
Filesize
1.1MB
-
Filesize
232KB
-
Filesize
120KB
-
Filesize
232KB
-
Filesize
232KB
-
Filesize
1.1MB
-
Filesize
300KB
-
Filesize
68KB
-
Filesize
232KB
-
Filesize
16.7MB
-
Filesize
120KB
-
Filesize
68KB
-
Filesize
8KB
-
Filesize
16.7MB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
16.7MB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
232KB
-
Filesize
1.1MB
-
Filesize
16.7MB
-
Filesize
16.7MB
-
Filesize
232KB
-
Filesize
16.7MB
-
Filesize
16.7MB
-
Filesize
300KB
-
Filesize
1.1MB
-
Filesize
16.7MB
-
Filesize
16.7MB
-
Filesize
16.7MB
-
Filesize
16.7MB
-
Filesize
16.7MB
-
Filesize
16.7MB
-
Filesize
16.7MB
-
Filesize
16.7MB
-
Filesize
232KB
-
Filesize
232KB
-
Filesize
1.1MB
-
Filesize
232KB
-
Filesize
232KB
-
Filesize
232KB
-
Filesize
1.1MB
-
Filesize
68KB
-
Filesize
120KB
-
Filesize
300KB
-
Filesize
1.1MB
-
Filesize
300KB
-
Filesize
120KB
-
Filesize
1.1MB
-
Filesize
232KB
-
Filesize
68KB
-
Filesize
232KB
-
Filesize
16.7MB
-
Filesize
232KB
-
Filesize
120KB
-
Filesize
232KB
-
Filesize
16.7MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
300KB
-
Filesize
68KB
-
Filesize
16.7MB
-
Filesize
16.7MB
-
Filesize
232KB
-
Filesize
16.7MB
-
Filesize
232KB
-
Filesize
232KB
-
Filesize
68KB
-
Filesize
120KB
-
Filesize
1.1MB
-
Filesize
232KB
-
Filesize
300KB
-
Filesize
232KB
-
Filesize
1.1MB
-
Filesize
64KB
-
Filesize
120KB
-
Filesize
68KB
-
Filesize
232KB
-
Filesize
232KB
-
Filesize
300KB
-
Filesize
232KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
68KB
-
Filesize
120KB
-
Filesize
300KB
-
Filesize
1.1MB
-
Filesize
300KB
-
Filesize
232KB
-
Filesize
1.1MB
-
Filesize
232KB
-
Filesize
120KB
-
Filesize
68KB
-
Filesize
232KB
-
Filesize
1.1MB
-
Filesize
232KB