Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
14/07/2024, 02:38
General
-
Target
43f65d94c18425f13dfe117110582a17_JaffaCakes118.exe
-
Size
44KB
-
MD5
43f65d94c18425f13dfe117110582a17
-
SHA1
ef215b5efd3c215402d0c238d2a159dde542ec67
-
SHA256
95a3cddc982b13f0a6de0b9364c2591cba0c6b27ea0e03653bce7cd17bc68162
-
SHA512
e69f68892af143a446a1697c49fda93c499f3f11ef2e36f02c58a875438c9fac07fece1000d4ba99f7b88d2fc39d5c1e73255abb75331400e98ecf987bf6e056
-
SSDEEP
768:4bZf4IlYHLIaHR2dXvq50wh5E9g7uUh7986dOGpRo7t845kFEntNOw:4lf4pXHiX+0whSgThZeGpX+ntkw
Score
7/10
Malware Config
Signatures
-
Drops startup file 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\43f65d94c18425f13dfe117110582a17_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\43f65d94c18425f13dfe117110582a17_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI0012⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI0013⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI0014⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI0015⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI0016⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI0017⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI0018⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI0019⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00110⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00111⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00112⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00113⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00114⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00115⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00116⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00117⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00118⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00119⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00120⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00121⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00122⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00123⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00124⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00125⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00126⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00127⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00128⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00129⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00130⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00131⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00132⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00133⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00134⤵
- Drops startup file
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00135⤵
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00136⤵
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00137⤵
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00138⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00139⤵
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00140⤵
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00141⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00142⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00143⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00144⤵
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00145⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00146⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00147⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00148⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00149⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00150⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00151⤵
- Drops startup file
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00152⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00153⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00154⤵
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00155⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00156⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00157⤵
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00158⤵
- Drops startup file
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00159⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00160⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00161⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00162⤵
- Drops startup file
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00163⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00164⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00165⤵
- Drops startup file
- Executes dropped EXE
- Drops file in System32 directory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00166⤵
- Drops startup file
- Drops file in System32 directory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00167⤵
- Drops startup file
- Drops file in System32 directory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00168⤵
- Drops startup file
- Drops file in System32 directory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00169⤵
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00170⤵
- Drops startup file
- Drops file in System32 directory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00171⤵
- Drops startup file
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00172⤵
- Drops file in System32 directory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00173⤵
- Drops startup file
- Drops file in System32 directory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00174⤵
- Drops file in System32 directory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00175⤵
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00176⤵
- Drops startup file
- Drops file in System32 directory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00177⤵
- Drops file in System32 directory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00178⤵
- Drops startup file
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00179⤵
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00180⤵
- Drops startup file
- Drops file in System32 directory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00181⤵
- Drops file in System32 directory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00182⤵
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00183⤵
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00184⤵
- Drops startup file
- Drops file in System32 directory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00185⤵
- Drops startup file
- Drops file in System32 directory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00186⤵
- Drops file in System32 directory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00187⤵
- Drops file in System32 directory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00188⤵
- Drops startup file
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00189⤵
- Drops file in System32 directory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00190⤵
- Drops startup file
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00191⤵
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00192⤵
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00193⤵
- Drops startup file
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00194⤵
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00195⤵
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00196⤵
- Drops file in System32 directory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00197⤵
- Drops startup file
- Drops file in System32 directory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00198⤵
- Drops startup file
- Drops file in System32 directory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI00199⤵
- Drops startup file
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI001100⤵
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI001101⤵
- Drops startup file
- Drops file in System32 directory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI001102⤵
- Drops file in System32 directory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI001103⤵
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI001104⤵
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI001105⤵
- Drops startup file
- Drops file in System32 directory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI001106⤵
- Drops startup file
- Drops file in System32 directory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI001107⤵
- Drops startup file
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI001108⤵
- Drops startup file
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI001109⤵
- Drops file in System32 directory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI001110⤵
- Drops startup file
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI001111⤵
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI001112⤵
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI001113⤵
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI001114⤵
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI001115⤵
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI001116⤵
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI001117⤵
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI001118⤵
- Drops startup file
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI001119⤵
- Drops startup file
- Drops file in System32 directory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI001120⤵
- Drops file in System32 directory
-
\??\c:\windows\SysWOW64\dwdsregt.exec:\windows\system32\dwdsregt.exe OLI001121⤵
- Drops file in System32 directory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-