Analysis
-
max time kernel
45s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
26-08-2024 05:12
General
-
Target
c259e839c3bf1643faad6755dbb4a45b_JaffaCakes118.exe
-
Size
68KB
-
MD5
c259e839c3bf1643faad6755dbb4a45b
-
SHA1
75fd37e261d3c8d515a2744f40b5eadf9971b630
-
SHA256
0d5c5897275433b4daba75341d4d31f09c864704b24a285d61120b1f89fa5073
-
SHA512
d3e07764f1add49ba6a26c78e010e1ec2ce55e546b476ad88301f34fa5dc362769b755b80e3e7c7d3656495f7201a023074e1a61bad69e3957ae5e3ad39d0d28
-
SSDEEP
1536:CzX1z1RieG2bPWjjlAn+3hlG8aLIARvvoDNI6gDWgAee9YB/PvQ:CzX11IeG24C+3h/oIAR3MIVeOPvQ
Score
8/10
Malware Config
Signatures
-
Blocklisted process makes network request 5 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
-
Program crash 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c259e839c3bf1643faad6755dbb4a45b_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\c259e839c3bf1643faad6755dbb4a45b_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL2⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL3⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL4⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE4⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL5⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL6⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE6⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL7⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE7⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL8⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE8⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL9⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL10⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL11⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL12⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE12⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL13⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL14⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL15⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE15⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL16⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE16⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL17⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE17⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL18⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL19⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL20⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL21⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE21⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL22⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL23⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL24⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL25⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL26⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL27⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE27⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL28⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE28⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL29⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE29⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL30⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL31⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL32⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL33⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL34⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL35⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE35⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL36⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE36⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL37⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL38⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL39⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL40⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL41⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL42⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL43⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL44⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE44⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL45⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL46⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE46⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL47⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE47⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL48⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE48⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL49⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL50⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE50⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL51⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE51⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL52⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE52⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL53⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL54⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE54⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL55⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE55⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL56⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE56⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL57⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE57⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL58⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE58⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL59⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE59⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL60⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE60⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL61⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE61⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL62⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE62⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL63⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE63⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL64⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE64⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL65⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE65⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL66⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE66⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL67⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE67⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL68⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE68⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL69⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE69⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL70⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE70⤵
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL71⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE71⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL72⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE72⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL73⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE73⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL74⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE74⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL75⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE75⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL76⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE76⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL77⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE77⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL78⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE78⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL79⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE79⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL80⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE80⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL81⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE81⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL82⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE82⤵
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL83⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE83⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL84⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE84⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL85⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE85⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL86⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE86⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL87⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE87⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL88⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE88⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL89⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE89⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL90⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE90⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL91⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE91⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL92⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE92⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL93⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE93⤵
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL94⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE94⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL95⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE95⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL96⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE96⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL97⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE97⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL98⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE98⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL99⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE99⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL100⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE100⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL101⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE101⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL102⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE102⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL103⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE103⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL104⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE104⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL105⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE105⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL106⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE106⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL107⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE107⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL108⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE108⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL109⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE109⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL110⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE110⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL111⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE111⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL112⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE112⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL113⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE113⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL114⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE114⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL115⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE115⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL116⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE116⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL117⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE117⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL118⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE118⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL119⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE119⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL120⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE120⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-