Analysis
-
max time kernel
141s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240730-en -
resource tags
-
submitted
01-08-2024 20:58
General
-
Target
81c38658dc07ce5d15ed9f1fd2d87eb6_JaffaCakes118.exe
-
Size
181KB
-
MD5
81c38658dc07ce5d15ed9f1fd2d87eb6
-
SHA1
a45f08755bc8f9565ba89b6c3c6fa23072d60c92
-
SHA256
d748d4a1d241c9c21683a17357004bfa80e14b94450a4d89c87a55e8946fc3b8
-
SHA512
15dd33f33ebda3dcb5d5b0ed707671c07e1fa8a20f57b3116069b4ff310793e81e624a62151a3ec84691c7cc410cb5870d6f18a76e065fc440027d40a7b0f35f
-
SSDEEP
3072:vIB1KPkCMeo3Yk1KDlBxFFnDglvjar0WPU8nM5/G1PKacql3hiXXSFO2XUBcX5:Ck0eookADlBdglkW5ORKacOhi
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Program crash 7 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\81c38658dc07ce5d15ed9f1fd2d87eb6_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\81c38658dc07ce5d15ed9f1fd2d87eb6_JaffaCakes118.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix2⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix3⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix4⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix5⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix6⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE6⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix7⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE7⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix8⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE8⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix9⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE9⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix10⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE10⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix11⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE11⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix12⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE12⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix13⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE13⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix14⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE14⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix15⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE15⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix16⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE16⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix17⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE17⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix18⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE18⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix19⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE19⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix20⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE20⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix21⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE21⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix22⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE22⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix23⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE23⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix24⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE24⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix25⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE25⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix26⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE26⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix27⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE27⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix28⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE28⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix29⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE29⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix30⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE30⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix31⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE31⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix32⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE32⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix33⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix34⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix35⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix36⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix37⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix38⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix39⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix40⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix41⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix42⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix43⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix44⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE44⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix45⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix46⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE46⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix47⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE47⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix48⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE48⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix49⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix50⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE50⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix51⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE51⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix52⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE52⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix53⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix54⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE54⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix55⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE55⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix56⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE56⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix57⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE57⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix58⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE58⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix59⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE59⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix60⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE60⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix61⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE61⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix62⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix63⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE63⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix64⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE64⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix65⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE65⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix66⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE66⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix67⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE67⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix68⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE68⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix69⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE69⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix70⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE70⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix71⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE71⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix72⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE72⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix73⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE73⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix74⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE74⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix75⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE75⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix76⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE76⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix77⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE77⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix78⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE78⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix79⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE79⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix80⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE80⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix81⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE81⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix82⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE82⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix83⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE83⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix84⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE84⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix85⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE85⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix86⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE86⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix87⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE87⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix88⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE88⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix89⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE89⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix90⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE90⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix91⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE91⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix92⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE92⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix93⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE93⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix94⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE94⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix95⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE95⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix96⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE96⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix97⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE97⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix98⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE98⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix99⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE99⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix100⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE100⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix101⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE101⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix102⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE102⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix103⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE103⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix104⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE104⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix105⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE105⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix106⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE106⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix107⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE107⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix108⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE108⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix109⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE109⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix110⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE110⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix111⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE111⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix112⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE112⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix113⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE113⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix114⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE114⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix115⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE115⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix116⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE116⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix117⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE117⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix118⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE118⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix119⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE119⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix120⤵
-
-
C:\Windows\SysWOW64\SVCH0ST.EXEC:\Windows\system32\SVCH0ST.EXE120⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\Prgusel1.wix121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-