bdf0e02d72c8ecec7c4dc5574c635a764082d730400cd533ae7ce032ee16ae86

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-11-2024 23:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

IDM.v6.42.Build.25.Crack/IDM Protection Key Cleaner.bat
Size

8KB
MD5

66e736d158131ada43af4b98d84f880b
SHA1

6ae6255d12b1aedc3218ad5593c1d7a49d3a74e0
SHA256

1d83a1b5830aeef9533a2cacbabf880da6d71e17031dd1d46e1b3d3e5768d9fe
SHA512

7a5896b4221608bf32a7d35fd268c896c41abc47c06a3e761f7d213a372e9d7080ed508f7bad1e3bbd9c0fd6563bfb45bf2081dc66d9c490caa8455d296b91cf
SSDEEP

192:IJGsSXczOrcf1NrAfCvIzxflf0kREPTvDHbhgzrhtytc:IGdREjDHbaXic

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

whoami.exe

description pid process

Token: SeDebugPrivilege 2240 whoami.exe

description	pid	process
Token: SeDebugPrivilege	2240	whoami.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.execmd.exe

description	pid	process	target process
PID 4224 wrote to memory of 4832	4224	cmd.exe	cmd.exe
PID 4224 wrote to memory of 4832	4224	cmd.exe	cmd.exe
PID 4832 wrote to memory of 2240	4832	cmd.exe	whoami.exe
PID 4832 wrote to memory of 2240	4832	cmd.exe	whoami.exe
PID 4224 wrote to memory of 2272	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 2272	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 988	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 988	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 3148	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 3148	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 2256	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 2256	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 1920	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 1920	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 1084	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 1084	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 3504	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 3504	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 4944	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 4944	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 3988	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 3988	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 4936	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 4936	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 336	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 336	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 1352	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 1352	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 3804	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 3804	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 1612	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 1612	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 4408	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 4408	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 1764	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 1764	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 4380	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 4380	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 4700	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 4700	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 3832	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 3832	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 2828	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 2828	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 1732	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 1732	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 2608	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 2608	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 2856	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 2856	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 624	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 624	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 3208	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 3208	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 4868	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 4868	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 1736	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 1736	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 4836	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 4836	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 3152	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 3152	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 2268	4224	cmd.exe	reg.exe
PID 4224 wrote to memory of 2268	4224	cmd.exe	reg.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\IDM.v6.42.Build.25.Crack\IDM Protection Key Cleaner.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4224
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c whoami /user /fo list
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4832
- - C:\Windows\system32\whoami.exe
    whoami /user /fo list
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2240
- C:\Windows\system32\reg.exe
  reg query HKU\S-1-5-19
  2⤵
  PID:2272
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
  2⤵
  PID:988
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
  2⤵
  PID:3148
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
  2⤵
  PID:2256
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
  2⤵
  PID:1920
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
  2⤵
  PID:1084
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
  2⤵
  PID:3504
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
  2⤵
  PID:4944
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
  2⤵
  PID:3988
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
  2⤵
  PID:4936
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
  2⤵
  PID:336
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
  2⤵
  PID:1352
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
  2⤵
  PID:3804
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
  2⤵
  PID:1612
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
  2⤵
  PID:4408
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
  2⤵
  PID:1764
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
  2⤵
  PID:4380
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
  2⤵
  PID:4700
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
  2⤵
  PID:3832
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
  2⤵
  PID:2828
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
  2⤵
  PID:1732
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
  2⤵
  PID:2608
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
  2⤵
  PID:2856
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
  2⤵
  PID:624
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
  2⤵
  PID:3208
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
  2⤵
  PID:4868
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
  2⤵
  PID:1736
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
  2⤵
  PID:4836
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
  2⤵
  PID:3152
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
  2⤵
  PID:2268
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
  2⤵
  PID:1364
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
  2⤵
  PID:4436
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
  2⤵
  PID:3872
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
  2⤵
  PID:2588
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
  2⤵
  PID:4236
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
  2⤵
  PID:772
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
  2⤵
  PID:4508
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
  2⤵
  PID:4888
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
  2⤵
  PID:1260
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
  2⤵
  PID:4312
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
  2⤵
  PID:4076
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
  2⤵
  PID:4032
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
  2⤵
  PID:1048
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
  2⤵
  PID:4908
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
  2⤵
  PID:4384
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
  2⤵
  PID:2052
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
  2⤵
  PID:2016
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
  2⤵
  PID:4184
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
  2⤵
  PID:3308
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
  2⤵
  PID:1816
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
  2⤵
  PID:4792
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
  2⤵
  PID:2576
- C:\Windows\system32\reg.exe
  REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
  2⤵
  PID:5076
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
  2⤵
  PID:1848
- C:\Windows\system32\reg.exe
  reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
  2⤵
  PID:4064
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
  2⤵
  PID:2684
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
  2⤵
  PID:2092
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
  2⤵
  PID:2680
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
  2⤵
  PID:2012
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
  2⤵
  PID:1928
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
  2⤵
  PID:2184
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
  2⤵
  PID:3516
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
  2⤵
  PID:4608
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
  2⤵
  PID:4452
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
  2⤵
  PID:2220
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
  2⤵
  PID:2056
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
  2⤵
  PID:4548
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
  2⤵
  PID:768
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
  2⤵
  PID:2480
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
  2⤵
  PID:432
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
  2⤵
  PID:3528
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
  2⤵
  PID:3304
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
  2⤵
  PID:1960
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
  2⤵
  PID:4596
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
  2⤵
  PID:3764
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
  2⤵
  PID:1536
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
  2⤵
  PID:4916
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
  2⤵
  PID:216
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
  2⤵
  PID:1508
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
  2⤵
  PID:4820
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
  2⤵
  PID:1740
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
  2⤵
  PID:4336
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
  2⤵
  PID:4444
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
  2⤵
  PID:1936
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
  2⤵
  PID:1796
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
  2⤵
  PID:4136
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
  2⤵
  PID:5000
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
  2⤵
  PID:4656
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
  2⤵
  PID:440
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
  2⤵
  PID:4832
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
  2⤵
  PID:2248
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
  2⤵
  PID:1120
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
  2⤵
  PID:1552
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
  2⤵
  PID:3412
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
  2⤵
  PID:4044
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
  2⤵
  PID:2196
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
  2⤵
  PID:1784
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
  2⤵
  PID:3188
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
  2⤵
  PID:100
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
  2⤵
  PID:2784
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
  2⤵
  PID:4344
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
  2⤵
  PID:4988
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
  2⤵
  PID:4400
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
  2⤵
  PID:3944
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
  2⤵
  PID:336
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
  2⤵
  PID:1352
- C:\Windows\system32\reg.exe
  REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
  2⤵
  PID:3804
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
  2⤵
  PID:1612
- C:\Windows\system32\reg.exe
  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
  2⤵
  PID:4408
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
  2⤵
  PID:1412
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
  2⤵
  PID:2100
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
  2⤵
  PID:4700
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
  2⤵
  PID:3832
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
  2⤵
  PID:2828
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
  2⤵
  PID:1732
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
  2⤵
  PID:1324
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
  2⤵
  PID:2608
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
  2⤵
  PID:2856
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
  2⤵
  PID:624
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
  2⤵
  PID:4580
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
  2⤵
  PID:2144
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
  2⤵
  PID:2924
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
  2⤵
  PID:3728
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
  2⤵
  PID:1408
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
  2⤵
  PID:4260
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
  2⤵
  PID:3692
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
  2⤵
  PID:4836
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
  2⤵
  PID:3912
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
  2⤵
  PID:4024
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
  2⤵
  PID:684
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
  2⤵
  PID:1448
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
  2⤵
  PID:2616
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
  2⤵
  PID:736
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
  2⤵
  PID:3244
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
  2⤵
  PID:3476
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
  2⤵
  PID:3400
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
  2⤵
  PID:856
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
  2⤵
  PID:4824
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
  2⤵
  PID:2292
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
  2⤵
  PID:700
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
  2⤵
  PID:4888
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
  2⤵
  PID:1260
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
  2⤵
  PID:4424
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
  2⤵
  PID:4448
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
  2⤵
  PID:4592
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
  2⤵
  PID:2084
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
  2⤵
  PID:1332
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
  2⤵
  PID:4664
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
  2⤵
  PID:2052
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
  2⤵
  PID:372
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
  2⤵
  PID:2520
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
  2⤵
  PID:3308
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
  2⤵
  PID:1816
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
  2⤵
  PID:4792
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
  2⤵
  PID:2576
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
  2⤵
  PID:3036
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
  2⤵
  PID:3676
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
  2⤵
  PID:3644
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
  2⤵
  PID:3384
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
  2⤵
  PID:2092
- C:\Windows\system32\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
  2⤵
  PID:2680
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
  2⤵
  PID:2012
- C:\Windows\system32\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
  2⤵
  PID:1928

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads