Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 150s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/09/2024, 11:00
Static task: static1
Behavioral task: behavioral1
  Sample: d62da64ea2fe5ff1e73e8e466348ead2_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: d62da64ea2fe5ff1e73e8e466348ead2_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: d62da64ea2fe5ff1e73e8e466348ead2_JaffaCakes118.exe
Size: 3.2MB
MD5: d62da64ea2fe5ff1e73e8e466348ead2
SHA1: 8f4fac662b3cd339d06598b62de05ad5e0191fa3
SHA256: 6a4e14d5d843a9a9a472b77c76f5cc81c02a9929ceb2b07011bb9be34028ed8f
SHA512: 9efa58806ad0be2efa1f65ec36f3748bc1495bfca6c803598b78a20a72ef09730fad63c46c3c869ae936fae6f2a8b1e936fa9bba2345ec0f539d092f2f2411fc
SSDEEP: 49152:oV2kFLjLZaYWVe1JxQEOWVhQxZLuDLNFuyO3bu8yF3val1mj01vFkTST8xZ16pd+:o/FXLYrcCEO9LsJFuhLuO3NqfxZsYr
Malware Config
Signatures
Drops file in Drivers directory 64 IoCs
Checks computer location settings 2 TTPs 64 IoCs
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE 64 IoCs
Loads dropped DLL 3 IoCs
pid   Process
1208  SETUP.EXE
1208  SETUP.EXE
1208  SETUP.EXE
Adds Run key to start application 2 TTPs 64 IoCs
Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
Drops file in System32 directory 64 IoCs
Suspicious use of SetThreadContext 64 IoCs
Drops file in Windows directory 1 IoCs
description | ioc | Process
File created | C:\Windows\Hyena.MIF | SETUP.EXE
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Modifies registry class 64 IoCs
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
C:\Users\Admin\AppData\Local\Temp\d62da64ea2fe5ff1e73e8e466348ead2_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\d62da64ea2fe5ff1e73e8e466348ead2_JaffaCakes118.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2564 -
C:\Users\Admin\AppData\Local\Temp\_TMP.EXE"C:\Users\Admin\AppData\Local\Temp\_TMP.EXE"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4540 -
C:\Users\Admin\AppData\Local\Temp\_TMP.EXE"C:\Users\Admin\AppData\Local\Temp\_TMP.EXE"3⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5000 -
C:\Windows\SysWOW64\btorrentcli.exe"C:\Windows\system32\btorrentcli.exe"4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:5028 -
C:\Windows\SysWOW64\btorrentcli.exe"C:\Windows\SysWOW64\btorrentcli.exe"5⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2696 -
C:\Windows\SysWOW64\btorrentcli.exe"C:\Windows\system32\btorrentcli.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1272 -
C:\Windows\SysWOW64\btorrentcli.exe"C:\Windows\SysWOW64\btorrentcli.exe"7⤵
- Drops file in Drivers directory
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4224 -
C:\Windows\SysWOW64\btorrentcli.exe"C:\Windows\system32\btorrentcli.exe"8⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1120 -
C:\Windows\SysWOW64\btorrentcli.exe"C:\Windows\SysWOW64\btorrentcli.exe"9⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4432 -
C:\Windows\SysWOW64\btorrentcli.exe"C:\Windows\system32\btorrentcli.exe"10⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:4520 -
C:\Windows\SysWOW64\btorrentcli.exe"C:\Windows\SysWOW64\btorrentcli.exe"11⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:3860 -
C:\Windows\SysWOW64\btorrentcli.exe"C:\Windows\system32\btorrentcli.exe"12⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:3196 -
C:\Windows\SysWOW64\btorrentcli.exe"C:\Windows\SysWOW64\btorrentcli.exe"13⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1796 -
C:\Windows\SysWOW64\btorrentcli.exe"C:\Windows\system32\btorrentcli.exe"14⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1844 -
C:\Windows\SysWOW64\btorrentcli.exe"C:\Windows\SysWOW64\btorrentcli.exe"15⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
PID:4524 -
C:\Windows\SysWOW64\btorrentcli.exe"C:\Windows\system32\btorrentcli.exe"16⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:4804 -
C:\Windows\SysWOW64\btorrentcli.exe"C:\Windows\SysWOW64\btorrentcli.exe"17⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:1576 -
C:\Windows\SysWOW64\btorrentcli.exe"C:\Windows\system32\btorrentcli.exe"18⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2260 -
C:\Windows\SysWOW64\btorrentcli.exe"C:\Windows\SysWOW64\btorrentcli.exe"19⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
PID:1448 -
C:\Windows\SysWOW64\btorrentcli.exe"C:\Windows\system32\btorrentcli.exe"20⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:4540 -
C:\Windows\SysWOW64\btorrentcli.exe"C:\Windows\SysWOW64\btorrentcli.exe"21⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4476 -
C:\Windows\SysWOW64\btorrentcli.exe"C:\Windows\system32\btorrentcli.exe"22⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2140 -
C:\Windows\SysWOW64\btorrentcli.exe"C:\Windows\SysWOW64\btorrentcli.exe"23⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4784 -
C:\Windows\SysWOW64\btorrentcli.exe"C:\Windows\system32\btorrentcli.exe"24⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:4124 -
C:\Windows\SysWOW64\btorrentcli.exe"C:\Windows\SysWOW64\btorrentcli.exe"25⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
PID:1868 -
C:\Windows\SysWOW64\btorrentcli.exe"C:\Windows\system32\btorrentcli.exe"26⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1960 -
C:\Windows\SysWOW64\btorrentcli.exe"C:\Windows\SysWOW64\btorrentcli.exe"27⤵
- Drops file in Drivers directory
- Checks computer location settings
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:1588 -
C:\Windows\SysWOW64\btorrentcli.exe"C:\Windows\system32\btorrentcli.exe"28⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1372 -
C:\Windows\SysWOW64\btorrentcli.exe"C:\Windows\SysWOW64\btorrentcli.exe"29⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2400 -
C:\Windows\SysWOW64\btorrentcli.exe"C:\Windows\system32\btorrentcli.exe"30⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:3108 -
C:\Windows\SysWOW64\btorrentcli.exe"C:\Windows\SysWOW64\btorrentcli.exe"31⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:1520 -
C:\Windows\SysWOW64\btorrentcli.exe"C:\Windows\system32\btorrentcli.exe"32⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:3848 -
C:\Windows\SysWOW64\btorrentcli.exe"C:\Windows\SysWOW64\btorrentcli.exe"33⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:1844 -
C:\Windows\SysWOW64\btorrentcli.exe"C:\Windows\system32\btorrentcli.exe"34⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4548 -
35  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID: 1344

36  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID: 116

37  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID: 4376

38  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID: 4572

39  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Drops file in Drivers directory
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID: 1904

40  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID: 3684

41  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Executes dropped EXE
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID: 964

42  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID: 4784

43  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID: 860

44  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID: 5020

45  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID: 880

46  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID: 5068

47  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID: 2396

48  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID: 2528

49  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID: 4864

50  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID: 3372

51  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Drops file in Drivers directory
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
PID: 1908

52  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID: 3252

53  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Executes dropped EXE
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID: 1548

54  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID: 2368

55  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Executes dropped EXE
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID: 4344

56  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID: 3616

57  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Drops file in Drivers directory
- Checks computer location settings
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID: 2812

58  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID: 1888

59  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID: 3156

60  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID: 1556

61  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID: 4556

62  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID: 216

63  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
PID: 3780

64  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID: 2632

65  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID: 4368

66  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Suspicious use of SetThreadContext
PID: 4776

67  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID: 4704

68  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Suspicious use of SetThreadContext
PID: 744

69  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID: 3252

70  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Suspicious use of SetThreadContext
PID: 4472

71  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Suspicious use of AdjustPrivilegeToken
PID: 3556

72  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Suspicious use of SetThreadContext
PID: 1848

73  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID: 1124

74  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID: 1584

75  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Drops file in Drivers directory
- Suspicious use of AdjustPrivilegeToken
PID: 4124

76  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Suspicious use of SetThreadContext
PID: 3604

77  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID: 1712

78  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Suspicious use of SetThreadContext
PID: 4984

79  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Drops file in Drivers directory
- Adds Run key to start application
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID: 3552

80  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Suspicious use of SetThreadContext
PID: 2752

81  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID: 4232

82  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Suspicious use of SetThreadContext
PID: 4584

83  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Drops file in Drivers directory
- Checks computer location settings
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID: 3648

84  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Suspicious use of SetThreadContext
PID: 4444

85  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Suspicious use of AdjustPrivilegeToken
PID: 636

86  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Suspicious use of SetThreadContext
PID: 4640

87  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
PID: 2092

88  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Suspicious use of SetThreadContext
PID: 3056

89  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Checks computer location settings
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID: 2368

90  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Suspicious use of SetThreadContext
PID: 4760

91  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Suspicious use of AdjustPrivilegeToken
PID: 1164

92  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Suspicious use of SetThreadContext
PID: 2532

93  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID: 4552

94  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Suspicious use of SetThreadContext
PID: 4724

95  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
PID: 4916

96  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Suspicious use of SetThreadContext
PID: 4536

97  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
PID: 3872

98  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID: 2016

99  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
PID: 2288

100  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Suspicious use of SetThreadContext
PID: 1808

101  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID: 2104

102  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Suspicious use of SetThreadContext
PID: 2932

103  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Suspicious use of AdjustPrivilegeToken
PID: 1160

104  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Suspicious use of SetThreadContext
PID: 3752

105  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
PID: 2208

106  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Suspicious use of SetThreadContext
PID: 3368

107  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Suspicious use of AdjustPrivilegeToken
PID: 1584

108  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Suspicious use of SetThreadContext
PID: 448

109  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Drops file in Drivers directory
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
PID: 5116

110  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Suspicious use of SetThreadContext
PID: 532

111  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Drops file in Drivers directory
- Adds Run key to start application
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID: 2352

112  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Suspicious use of SetThreadContext
PID: 2632

113  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
PID: 1372

114  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Suspicious use of SetThreadContext
PID: 1600

115  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Drops file in Drivers directory
- Checks computer location settings
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID: 2324

116  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Suspicious use of SetThreadContext
PID: 1808

117  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID: 3256

118  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Suspicious use of SetThreadContext
PID: 4260

119  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID: 2788

120  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Suspicious use of SetThreadContext
PID: 4364

121  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\SysWOW64\btorrentcli.exe"
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
PID: 5096

122  C:\Windows\SysWOW64\btorrentcli.exe  "C:\Windows\system32\btorrentcli.exe"
- Suspicious use of SetThreadContext
PID: 2188