bdf0e02d72c8ecec7c4dc5574c635a764082d730400cd533ae7ce032ee16ae86

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18-11-2024 23:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

IDM.v6.42.Build.25.Crack/IDM Protection Key Cleaner.bat
Size

8KB
MD5

66e736d158131ada43af4b98d84f880b
SHA1

6ae6255d12b1aedc3218ad5593c1d7a49d3a74e0
SHA256

1d83a1b5830aeef9533a2cacbabf880da6d71e17031dd1d46e1b3d3e5768d9fe
SHA512

7a5896b4221608bf32a7d35fd268c896c41abc47c06a3e761f7d213a372e9d7080ed508f7bad1e3bbd9c0fd6563bfb45bf2081dc66d9c490caa8455d296b91cf
SSDEEP

192:IJGsSXczOrcf1NrAfCvIzxflf0kREPTvDHbhgzrhtytc:IGdREjDHbaXic

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2772	whoami.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1668 wrote to memory of 2696	1668	cmd.exe	32
PID 1668 wrote to memory of 2696	1668	cmd.exe	32
PID 1668 wrote to memory of 2696	1668	cmd.exe	32
PID 2696 wrote to memory of 2772	2696	cmd.exe	33
PID 2696 wrote to memory of 2772	2696	cmd.exe	33
PID 2696 wrote to memory of 2772	2696	cmd.exe	33
PID 1668 wrote to memory of 2784	1668	cmd.exe	34
PID 1668 wrote to memory of 2784	1668	cmd.exe	34
PID 1668 wrote to memory of 2784	1668	cmd.exe	34
PID 1668 wrote to memory of 2808	1668	cmd.exe	35
PID 1668 wrote to memory of 2808	1668	cmd.exe	35
PID 1668 wrote to memory of 2808	1668	cmd.exe	35
PID 1668 wrote to memory of 2820	1668	cmd.exe	36
PID 1668 wrote to memory of 2820	1668	cmd.exe	36
PID 1668 wrote to memory of 2820	1668	cmd.exe	36
PID 1668 wrote to memory of 2924	1668	cmd.exe	37
PID 1668 wrote to memory of 2924	1668	cmd.exe	37
PID 1668 wrote to memory of 2924	1668	cmd.exe	37
PID 1668 wrote to memory of 2776	1668	cmd.exe	38
PID 1668 wrote to memory of 2776	1668	cmd.exe	38
PID 1668 wrote to memory of 2776	1668	cmd.exe	38
PID 1668 wrote to memory of 2708	1668	cmd.exe	39
PID 1668 wrote to memory of 2708	1668	cmd.exe	39
PID 1668 wrote to memory of 2708	1668	cmd.exe	39
PID 1668 wrote to memory of 2676	1668	cmd.exe	40
PID 1668 wrote to memory of 2676	1668	cmd.exe	40
PID 1668 wrote to memory of 2676	1668	cmd.exe	40
PID 1668 wrote to memory of 2920	1668	cmd.exe	41
PID 1668 wrote to memory of 2920	1668	cmd.exe	41
PID 1668 wrote to memory of 2920	1668	cmd.exe	41
PID 1668 wrote to memory of 2556	1668	cmd.exe	42
PID 1668 wrote to memory of 2556	1668	cmd.exe	42
PID 1668 wrote to memory of 2556	1668	cmd.exe	42
PID 1668 wrote to memory of 2088	1668	cmd.exe	43
PID 1668 wrote to memory of 2088	1668	cmd.exe	43
PID 1668 wrote to memory of 2088	1668	cmd.exe	43
PID 1668 wrote to memory of 2916	1668	cmd.exe	44
PID 1668 wrote to memory of 2916	1668	cmd.exe	44
PID 1668 wrote to memory of 2916	1668	cmd.exe	44
PID 1668 wrote to memory of 2712	1668	cmd.exe	45
PID 1668 wrote to memory of 2712	1668	cmd.exe	45
PID 1668 wrote to memory of 2712	1668	cmd.exe	45
PID 1668 wrote to memory of 2748	1668	cmd.exe	46
PID 1668 wrote to memory of 2748	1668	cmd.exe	46
PID 1668 wrote to memory of 2748	1668	cmd.exe	46
PID 1668 wrote to memory of 2800	1668	cmd.exe	47
PID 1668 wrote to memory of 2800	1668	cmd.exe	47
PID 1668 wrote to memory of 2800	1668	cmd.exe	47
PID 1668 wrote to memory of 2144	1668	cmd.exe	48
PID 1668 wrote to memory of 2144	1668	cmd.exe	48
PID 1668 wrote to memory of 2144	1668	cmd.exe	48
PID 1668 wrote to memory of 2584	1668	cmd.exe	49
PID 1668 wrote to memory of 2584	1668	cmd.exe	49
PID 1668 wrote to memory of 2584	1668	cmd.exe	49
PID 1668 wrote to memory of 2844	1668	cmd.exe	50
PID 1668 wrote to memory of 2844	1668	cmd.exe	50
PID 1668 wrote to memory of 2844	1668	cmd.exe	50
PID 1668 wrote to memory of 2652	1668	cmd.exe	51
PID 1668 wrote to memory of 2652	1668	cmd.exe	51
PID 1668 wrote to memory of 2652	1668	cmd.exe	51
PID 1668 wrote to memory of 2572	1668	cmd.exe	52
PID 1668 wrote to memory of 2572	1668	cmd.exe	52
PID 1668 wrote to memory of 2572	1668	cmd.exe	52
PID 1668 wrote to memory of 2156	1668	cmd.exe	53

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\IDM.v6.42.Build.25.Crack\IDM Protection Key Cleaner.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1668
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c whoami /user /fo list
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2696
- - C:\Windows\system32\whoami.exe
    whoami /user /fo list
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2772
- C:\Windows\system32\reg.exe
  reg query HKU\S-1-5-19
  2⤵
  PID:2784
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
  2⤵
  PID:2808
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
  2⤵
  PID:2820
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
  2⤵
  PID:2924
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
  2⤵
  PID:2776
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
  2⤵
  PID:2708
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
  2⤵
  PID:2676
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
  2⤵
  PID:2920
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
  2⤵
  PID:2556
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
  2⤵
  PID:2088
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
  2⤵
  PID:2916
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
  2⤵
  PID:2712
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
  2⤵
  PID:2748
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
  2⤵
  PID:2800
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
  2⤵
  PID:2144
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
  2⤵
  PID:2584
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
  2⤵
  PID:2844
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
  2⤵
  PID:2652
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
  2⤵
  PID:2572
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
  2⤵
  PID:2156
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
  2⤵
  PID:2688
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
  2⤵
  PID:2744
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
  2⤵
  PID:2664
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
  2⤵
  PID:2824
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
  2⤵
  PID:2728
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
  2⤵
  PID:2552
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
  2⤵
  PID:2560
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
  2⤵
  PID:2568
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
  2⤵
  PID:2600
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
  2⤵
  PID:2624
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
  2⤵
  PID:2672
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
  2⤵
  PID:2032
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
  2⤵
  PID:2996
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
  2⤵
  PID:2992
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
  2⤵
  PID:2128
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
  2⤵
  PID:2464
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
  2⤵
  PID:1888
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
  2⤵
  PID:1516
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
  2⤵
  PID:1564
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
  2⤵
  PID:2056
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
  2⤵
  PID:1664
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
  2⤵
  PID:108
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
  2⤵
  PID:2764
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
  2⤵
  PID:2848
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
  2⤵
  PID:2868
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
  2⤵
  PID:2884
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
  2⤵
  PID:2864
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
  2⤵
  PID:2880
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
  2⤵
  PID:2892
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
  2⤵
  PID:2896
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
  2⤵
  PID:1404
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
  2⤵
  PID:2588
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
  2⤵
  PID:2152
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
  2⤵
  PID:2296
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
  2⤵
  PID:2092
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
  2⤵
  PID:1128
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
  2⤵
  PID:1616
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
  2⤵
  PID:2284
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
  2⤵
  PID:992
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
  2⤵
  PID:1540
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
  2⤵
  PID:1352
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
  2⤵
  PID:1408
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
  2⤵
  PID:2064
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
  2⤵
  PID:1568
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
  2⤵
  PID:1904
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
  2⤵
  PID:1560
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
  2⤵
  PID:1876
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
  2⤵
  PID:568
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
  2⤵
  PID:1360
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
  2⤵
  PID:380
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
  2⤵
  PID:1008
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
  2⤵
  PID:1416
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
  2⤵
  PID:644
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
  2⤵
  PID:1912
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
  2⤵
  PID:1968
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
  2⤵
  PID:2040
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
  2⤵
  PID:1604
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
  2⤵
  PID:1776
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
  2⤵
  PID:1608
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
  2⤵
  PID:2536
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
  2⤵
  PID:1956
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
  2⤵
  PID:1972
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
  2⤵
  PID:764
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
  2⤵
  PID:2000
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
  2⤵
  PID:332
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
  2⤵
  PID:2108
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
  2⤵
  PID:700
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
  2⤵
  PID:1348
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
  2⤵
  PID:2008
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
  2⤵
  PID:2428
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
  2⤵
  PID:2376
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
  2⤵
  PID:620
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
  2⤵
  PID:2348
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
  2⤵
  PID:2104
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
  2⤵
  PID:2148
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
  2⤵
  PID:2420
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
  2⤵
  PID:2124
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
  2⤵
  PID:1036
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
  2⤵
  PID:2324
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
  2⤵
  PID:1364
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
  2⤵
  PID:2388
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
  2⤵
  PID:2280
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
  2⤵
  PID:2392
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
  2⤵
  PID:2244
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
  2⤵
  PID:2472
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
  2⤵
  PID:2948
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
  2⤵
  PID:2528
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
  2⤵
  PID:2944
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
  2⤵
  PID:908
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
  2⤵
  PID:3048
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
  2⤵
  PID:1872
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
  2⤵
  PID:444
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
  2⤵
  PID:1916
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
  2⤵
  PID:1708
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
  2⤵
  PID:2180
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
  2⤵
  PID:356
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
  2⤵
  PID:1984
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
  2⤵
  PID:824
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
  2⤵
  PID:1132
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
  2⤵
  PID:1504
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
  2⤵
  PID:960
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
  2⤵
  PID:1308
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
  2⤵
  PID:668
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
  2⤵
  PID:1832
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
  2⤵
  PID:2500
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
  2⤵
  PID:2512
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
  2⤵
  PID:1820
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
  2⤵
  PID:340
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
  2⤵
  PID:1632
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
  2⤵
  PID:1720
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
  2⤵
  PID:1656
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
  2⤵
  PID:2248
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
  2⤵
  PID:1740
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
  2⤵
  PID:900
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
  2⤵
  PID:888
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
  2⤵
  PID:752
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
  2⤵
  PID:2188
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
  2⤵
  PID:2112
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
  2⤵
  PID:1468
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
  2⤵
  PID:1440
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
  2⤵
  PID:3044
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
  2⤵
  PID:1208
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
  2⤵
  PID:1212
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
  2⤵
  PID:1480
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
  2⤵
  PID:2956
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
  2⤵
  PID:1628
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
  2⤵
  PID:1464
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
  2⤵
  PID:2524
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
  2⤵
  PID:1980
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
  2⤵
  PID:1044
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
  2⤵
  PID:2312
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
  2⤵
  PID:2912
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
  2⤵
  PID:2276
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
  2⤵
  PID:1864
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
  2⤵
  PID:1844
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
  2⤵
  PID:2508
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
  2⤵
  PID:956
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
  2⤵
  PID:1584
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
  2⤵
  PID:1856
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
  2⤵
  PID:2196
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
  2⤵
  PID:2928
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
  2⤵
  PID:2320
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
  2⤵
  PID:2836

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads