Analysis
-
max time kernel
11s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
08-07-2024 19:55
General
-
Target
2d9e9be24371572f16ffb9ed1d3bb777_JaffaCakes118.exe
-
Size
100KB
-
MD5
2d9e9be24371572f16ffb9ed1d3bb777
-
SHA1
6f440788a0fd1927812c7d59a3cb4344d64d6777
-
SHA256
4c9f343c4a2278d2ae59e374ee75c58109e1c4b8f6c3ebf481b496811ca1a7f8
-
SHA512
9b11baf53d8420a41e03ec1c90e16970ac6affeb558a919ee30e7a68d809346c972862c813ed8fb67c89e9e1082558eaa099fc230ba0ab74816401e72ccf3cb6
-
SSDEEP
1536:Z331xdLa+ku3U+f+tzTdK0h+0l6enPRkvGQVgIE:ZnZL3ksjfKcNOLIE
Score
10/10
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
-
Executes dropped EXE 17 IoCs
-
Adds Run key to start application 2 TTPs 3 IoCs
-
Enumerates connected drives 3 TTPs 21 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file 1 TTPs 4 IoCs
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: AddClipboardFormatListener 7 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of SetWindowsHookEx 36 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\2d9e9be24371572f16ffb9ed1d3bb777_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\2d9e9be24371572f16ffb9ed1d3bb777_JaffaCakes118.exe"1⤵
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Users\Admin\AppData\Local\Temp\2d9e9be24371572f16ffb9ed1d3bb777_jaffacakes1182⤵
-
-
C:\ProgramData\application data\www.zilch·infinisoft.biz.de\winzip.exe"C:\ProgramData\application data\www.zilch·infinisoft.biz.de\winzip.exe"2⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Enumerates connected drives
- Drops autorun.inf file
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\u8iuvo-u4jj0o-qqb6hs-do3s55-wdnd7l\2.exeC:\Users\Admin\AppData\Local\Temp\u8iuvo-u4jj0o-qqb6hs-do3s55-wdnd7l\2.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\u8c78r-1ynouk-rltt3u-ldw7a0-y2u84n\2.exeC:\Users\Admin\AppData\Local\Temp\u8c78r-1ynouk-rltt3u-ldw7a0-y2u84n\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\d7qecr-eygcqq-afw9hu-y7d4g5-s5s9dc\2.exeC:\Users\Admin\AppData\Local\Temp\d7qecr-eygcqq-afw9hu-y7d4g5-s5s9dc\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\5l27ej-d62yab-d23meb-9pvavg-wnnwks\2.exeC:\Users\Admin\AppData\Local\Temp\5l27ej-d62yab-d23meb-9pvavg-wnnwks\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\umt453-w77bu2-2xisgv-skowq6-mcrbwb\2.exeC:\Users\Admin\AppData\Local\Temp\umt453-w77bu2-2xisgv-skowq6-mcrbwb\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\pojlro-y37lxf-yuxjce-4pjro8-ti0mnk\2.exeC:\Users\Admin\AppData\Local\Temp\pojlro-y37lxf-yuxjce-4pjro8-ti0mnk\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\e59833-hlcp21-ykirjj-o2c42t-t3a34o\2.exeC:\Users\Admin\AppData\Local\Temp\e59833-hlcp21-ykirjj-o2c42t-t3a34o\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\qrf5z1-9fzq0i-lfj8a7-s5uqw0-hs0u5a\2.exeC:\Users\Admin\AppData\Local\Temp\qrf5z1-9fzq0i-lfj8a7-s5uqw0-hs0u5a\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\cdat1v-p28uvi-7w36m0-8ns41z-eifcdt\2.exeC:\Users\Admin\AppData\Local\Temp\cdat1v-p28uvi-7w36m0-8ns41z-eifcdt\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\bsv29u-va3wka-75co4y-fpce1q-fmd35q\2.exeC:\Users\Admin\AppData\Local\Temp\bsv29u-va3wka-75co4y-fpce1q-fmd35q\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\akayyv-yi3kn7-h6m5po-jr0cdn-qhbt0g\2.exeC:\Users\Admin\AppData\Local\Temp\akayyv-yi3kn7-h6m5po-jr0cdn-qhbt0g\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\h5vmpv-cwy1v1-plv2po-7fqdh5-86gbv5\2.exeC:\Users\Admin\AppData\Local\Temp\h5vmpv-cwy1v1-plv2po-7fqdh5-86gbv5\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\u25zu5-ivmutg-cs0zpm-om9r9a-w79i52\2.exeC:\Users\Admin\AppData\Local\Temp\u25zu5-ivmutg-cs0zpm-om9r9a-w79i52\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\mmgedj-i882un-wsucya-pvk8kh-qgyg9f\2.exeC:\Users\Admin\AppData\Local\Temp\mmgedj-i882un-wsucya-pvk8kh-qgyg9f\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\pw4ffm-ej9jow-9bcxv2-m0aypp-4u59g6\2.exeC:\Users\Admin\AppData\Local\Temp\pw4ffm-ej9jow-9bcxv2-m0aypp-4u59g6\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\vcp9zz-18bhbt-p0sca4-aj16mk-me9y58\2.exeC:\Users\Admin\AppData\Local\Temp\vcp9zz-18bhbt-p0sca4-aj16mk-me9y58\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\5z603y-vh0dm8-1iyco2-f2knsp-yq47u5\2.exeC:\Users\Admin\AppData\Local\Temp\5z603y-vh0dm8-1iyco2-f2knsp-yq47u5\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\uqea5g-1gpsr9-r0b6em-lsellr-yhbmfe\2.exeC:\Users\Admin\AppData\Local\Temp\uqea5g-1gpsr9-r0b6em-lsellr-yhbmfe\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\q0jdcw-rr8bqw-xnvj2q-c163gb-6yk8dh\2.exeC:\Users\Admin\AppData\Local\Temp\q0jdcw-rr8bqw-xnvj2q-c163gb-6yk8dh\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\f2w59w-nmwv5p-nixkap-i5p8rt-63htf6\2.exeC:\Users\Admin\AppData\Local\Temp\f2w59w-nmwv5p-nixkap-i5p8rt-63htf6\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\9a0uyv-bve1nt-ilqi9m-hn2y3n-bf5cat\2.exeC:\Users\Admin\AppData\Local\Temp\9a0uyv-bve1nt-ilqi9m-hn2y3n-bf5cat\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\a088j3-su3jal-tlshpk-p29ego-evq9f0\2.exeC:\Users\Admin\AppData\Local\Temp\a088j3-su3jal-tlshpk-p29ego-evq9f0\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\518jox-8haznv-pgg14d-pchq8d-kz9epi\2.exeC:\Users\Admin\AppData\Local\Temp\518jox-8haznv-pgg14d-pchq8d-kz9epi\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\2elcc0-vhb8y7-x2pfn5-3s0x9y-tg61j9\2.exeC:\Users\Admin\AppData\Local\Temp\2elcc0-vhb8y7-x2pfn5-3s0x9y-tg61j9\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\5iyixc-i8vkrz-11qvih-1sgtwg-7o218a\2.exeC:\Users\Admin\AppData\Local\Temp\5iyixc-i8vkrz-11qvih-1sgtwg-7o218a\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\9eqcup-txy665-5r7yqt-dc7pml-d88dql\2.exeC:\Users\Admin\AppData\Local\Temp\9eqcup-txy665-5r7yqt-dc7pml-d88dql\2.exe3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\5do8vz-sbgukb-c00ems-n0kxvh-uqweha\2.exeC:\Users\Admin\AppData\Local\Temp\5do8vz-sbgukb-c00ems-n0kxvh-uqweha\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\lg0u1y-g84883-tx192q-brwkt8-chli77\2.exeC:\Users\Admin\AppData\Local\Temp\lg0u1y-g84883-tx192q-brwkt8-chli77\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\uua312-jnry0e-ck53wk-ofevg8-wzeld0\2.exeC:\Users\Admin\AppData\Local\Temp\uua312-jnry0e-ck53wk-ofevg8-wzeld0\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\c438w0-7qvve4-vonh2h-ed714x-gyl9tw\2.exeC:\Users\Admin\AppData\Local\Temp\c438w0-7qvve4-vonh2h-ed714x-gyl9tw\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\e57lmu-3tcpv4-ykg32a-lojfhn-t38fne\2.exeC:\Users\Admin\AppData\Local\Temp\e57lmu-3tcpv4-ykg32a-lojfhn-t38fne\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\q55bj6-w1sjv0-kt9euc-ernjqi-h6q0pg\2.exeC:\Users\Admin\AppData\Local\Temp\q55bj6-w1sjv0-kt9euc-ernjqi-h6q0pg\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\v7iy9h-lpdbsr-qqbaum-49xly8-nyh50p\2.exeC:\Users\Admin\AppData\Local\Temp\v7iy9h-lpdbsr-qqbaum-49xly8-nyh50p\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
-
-
-
C:\Windows\lsass.exeC:\Windows\lsass.exe2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\0yj0ok-0vkosk-whcc9p-jf4yy1-33oizi\2.exeC:\Users\Admin\AppData\Local\Temp\0yj0ok-0vkosk-whcc9p-jf4yy1-33oizi\2.exe3⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\2a1ghw-90cy3q-yoi2d0-tflgk6-64jhdt\2.exeC:\Users\Admin\AppData\Local\Temp\2a1ghw-90cy3q-yoi2d0-tflgk6-64jhdt\2.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\kc34xq-l3s2bp-hk9z3t-6cqt24-0a4zyb\2.exeC:\Users\Admin\AppData\Local\Temp\kc34xq-l3s2bp-hk9z3t-6cqt24-0a4zyb\2.exe3⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\v9wi8q-3tw95i-2pwx9i-ycolqm-lag6fz\2.exeC:\Users\Admin\AppData\Local\Temp\v9wi8q-3tw95i-2pwx9i-ycolqm-lag6fz\2.exe3⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\qzjb9l-skxiyj-za90kd-oye4tn-jpii0t\2.exeC:\Users\Admin\AppData\Local\Temp\qzjb9l-skxiyj-za90kd-oye4tn-jpii0t\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\u676a9-3lv6h0-4cl3vz-a77c7t-y0o765\2.exeC:\Users\Admin\AppData\Local\Temp\u676a9-3lv6h0-4cl3vz-a77c7t-y0o765\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\6acjqp-9qezpm-qpk165-g7ffpe-m8der9\2.exeC:\Users\Admin\AppData\Local\Temp\6acjqp-9qezpm-qpk165-g7ffpe-m8der9\2.exe3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\oq3dr6-7fmytn-if6g2c-p5iyp5-fsn2yg\2.exeC:\Users\Admin\AppData\Local\Temp\oq3dr6-7fmytn-if6g2c-p5iyp5-fsn2yg\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\bom3ht-odj4bg-67eg2y-7y4dhx-dtqmsr\2.exeC:\Users\Admin\AppData\Local\Temp\bom3ht-odj4bg-67eg2y-7y4dhx-dtqmsr\2.exe3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\2csiez-mv0cpf-yp9493-6a9v5v-66ajav\2.exeC:\Users\Admin\AppData\Local\Temp\2csiez-mv0cpf-yp9493-6a9v5v-66ajav\2.exe3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\zykmht-nwd866-6lws7m-86a0wl-fwmhie\2.exeC:\Users\Admin\AppData\Local\Temp\zykmht-nwd866-6lws7m-86a0wl-fwmhie\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\gyci0u-bpfx70-oedy1m-6889s4-7zx773\2.exeC:\Users\Admin\AppData\Local\Temp\gyci0u-bpfx70-oedy1m-6889s4-7zx773\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\f1z8wo-3ug2vz-xrv8s5-9l4zbt-h64q8l\2.exeC:\Users\Admin\AppData\Local\Temp\f1z8wo-3ug2vz-xrv8s5-9l4zbt-h64q8l\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\w97ais-svzyzx-6fl83j-yib4qq-03pbeo\2.exeC:\Users\Admin\AppData\Local\Temp\w97ais-svzyzx-6fl83j-yib4qq-03pbeo\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\hymzf9-7lr4pj-1duivp-f2sjpc-xwnuht\2.exeC:\Users\Admin\AppData\Local\Temp\hymzf9-7lr4pj-1duivp-f2sjpc-xwnuht\2.exe3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\f8fy5s-l326hm-awj1gx-ufrvsd-690mb1\2.exeC:\Users\Admin\AppData\Local\Temp\f8fy5s-l326hm-awj1gx-ufrvsd-690mb1\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\0e3tyl-qwx6hu-vxv5jp-9ghgnb-s410os\2.exeC:\Users\Admin\AppData\Local\Temp\0e3tyl-qwx6hu-vxv5jp-9ghgnb-s410os\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\mdo22v-t3zkop-iq5oxz-di8245-q753ys\2.exeC:\Users\Admin\AppData\Local\Temp\mdo22v-t3zkop-iq5oxz-di8245-q753ys\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\81yk8o-9soino-fnarzi-u1lad3-nz0fa9\2.exeC:\Users\Admin\AppData\Local\Temp\81yk8o-9soino-fnarzi-u1lad3-nz0fa9\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\0g9g26-8097yy-8xaw2y-4j2kj3-rhu58f\2.exeC:\Users\Admin\AppData\Local\Temp\0g9g26-8097yy-8xaw2y-4j2kj3-rhu58f\2.exe3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\c8j4lg-euxb9e-kk8tv7-jlk8p8-ednnwd\2.exeC:\Users\Admin\AppData\Local\Temp\c8j4lg-euxb9e-kk8tv7-jlk8p8-ednnwd\2.exe3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\1ssy45-jmn9vn-kdd7am-htt41q-5maz01\2.exeC:\Users\Admin\AppData\Local\Temp\1ssy45-jmn9vn-kdd7am-htt41q-5maz01\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\45xfz0-6kzwyx-ok6yfg-og6mjg-j2ya0k\2.exeC:\Users\Admin\AppData\Local\Temp\45xfz0-6kzwyx-ok6yfg-og6mjg-j2ya0k\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\8876tm-0bx2gt-2wb94r-9mmrrk-yasv0v\2.exeC:\Users\Admin\AppData\Local\Temp\8876tm-0bx2gt-2wb94r-9mmrrk-yasv0v\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\e1olyi-rqmms5-ajgxjm-aa6vyl-g6s4af\2.exeC:\Users\Admin\AppData\Local\Temp\e1olyi-rqmms5-ajgxjm-aa6vyl-g6s4af\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\usxkpk-fb6e10-r5e6lo-zqewhg-ymfllg\2.exeC:\Users\Admin\AppData\Local\Temp\usxkpk-fb6e10-r5e6lo-zqewhg-ymfllg\2.exe3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\x1naok-k0gwdw-4ozgfd-fojzo1-mevgav\2.exeC:\Users\Admin\AppData\Local\Temp\x1naok-k0gwdw-4ozgfd-fojzo1-mevgav\2.exe3⤵
-
C:\Windows\SysWOW64\winnthlp1.exeC:\Windows\system32\winnthlp1.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp15⤵
-
-
-
C:\Windows\SysWOW64\winnthlp2.exeC:\Windows\system32\winnthlp2.exe4⤵
-
C:\Windows\SysWOW64\explorer.exeexplorer C:\Windows\SysWOW64\winnthlp25⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\0vmcjd-vnqqqj-8cnrk6-q6i3bn-rx71qn\2.exeC:\Users\Admin\AppData\Local\Temp\0vmcjd-vnqqqj-8cnrk6-q6i3bn-rx71qn\2.exe3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\b14izj-ztldyv-trziu1-5l8aep-d681ah\2.exeC:\Users\Admin\AppData\Local\Temp\b14izj-ztldyv-trziu1-5l8aep-d681ah\2.exe3⤵
-
-
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
5Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
100KB
MD52d9e9be24371572f16ffb9ed1d3bb777
SHA16f440788a0fd1927812c7d59a3cb4344d64d6777
SHA2564c9f343c4a2278d2ae59e374ee75c58109e1c4b8f6c3ebf481b496811ca1a7f8
SHA5129b11baf53d8420a41e03ec1c90e16970ac6affeb558a919ee30e7a68d809346c972862c813ed8fb67c89e9e1082558eaa099fc230ba0ab74816401e72ccf3cb6
-
Filesize
31B
MD5b70ed9a5e09ad0e4c2e55df4bbded575
SHA134170a65f8a2d9f2273f69fa4115e46197e1db53
SHA2561b0f2beca8a0a79f689143a712f55f1721fcc3f540e9696d53204cd6db003ba3
SHA512c4a6bdbe44cc414534465b6d128708e337f73bfc23c79dfc877c27e569cabb0ca90b8d04c15cc6edc91abce112df11c164ba37df1f40b1fc70eed69cd0130b17
-
Filesize
31B
MD5c23961df4551bec45cfa91f9b0793cfc
SHA1b3cb3cf9b13184df073b5262e7b3514f49cad29f
SHA2564cdf2dad937a1754b576d6af111d9c9291900e7597607adcb7074b1c58eb04ef
SHA512ac3bdb0aa81e641443ad4c5b8844564e31997a400cddf0bad5a8e35d216691571d3b9179dfe66d91e9f2c0c6cb1beebbc6a5e9c17e17aeaf969e59812ab704b4
-
Filesize
253B
MD5b775a5a4faab19e5c95c75e3461b2725
SHA1744ad2a2d65b0fd4f83cd46ba8097cae27fda264
SHA256826327d415e365d8e8eb6f4ef70b8098e2a54fde194a7bc149b7322fd4d8fc2f
SHA512587efb9c1469df6e08ea0aa9e58b3a70db3a5481fdf4cb225785b5a597443621eaebe678998cabaa3b8c795a4250af7efb1b884826a3bb6f188a6ddd64ecb735