Analysis
max time kernel: 62s
max time network: 149s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted: 20-06-2024 13:47
Static task: static1
Behavioral task: behavioral1
  Sample: 068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
General
Target: 068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe
Size: 1.5MB
MD5: 068cd7ee76ccad7b61a72b3a4ce93425
SHA1: 7d3057f6dd1b1ab8dd8de4927e75def2af1ad860
SHA256: 2e710d253330193e485d010ab35d2d029f6278d8130a59e4f7aed0653174ffdf
SHA512: 94a0b4174476072e30996b27adc02d25dd01e534777ec0ccb7c2d8d5d8362786bea851b6979135119472a4f185d022df39f021bd6d77e3652a8547f6ec7746cc
SSDEEP: 49152:jEUccAacQw1j8jeqE7/IsQSr8oKf/2s14/P:YoAaNw1IFsBr7KfN8P
Malware Config
Signatures
Executes dropped EXE 56 IoCs
Loads dropped DLL 64 IoCs
Writes to the Master Boot Record (MBR) 1 TTPs 56 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Drops file in System32 directory 2 IoCs
description ioc Process
File created C:\Windows\SysWOW64\XP-AB9DB5FA.EXE 068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe
File opened for modification C:\Windows\SysWOW64\XP-AB9DB5FA.EXE 068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe
Modifies registry class 64 IoCs
Suspicious use of SetWindowsHookEx 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes

| Depth | PID | Image | Command line | Behaviour signatures |
|---|---|---|---|---|
| 1 | 832 | C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe | "C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118.exe" | Loads dropped DLL; Writes to the Master Boot Record (MBR); Drops file in System32 directory; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory |
| 2 | 2996 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Users\Admin\AppData\Local\Temp\068cd7ee76ccad7b61a72b3a4ce93425_JaffaCakes118 | |
| 2 | 2724 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Loads dropped DLL; Writes to the Master Boot Record (MBR); Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory |
| 3 | 2688 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 3 | 2912 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Loads dropped DLL; Writes to the Master Boot Record (MBR); Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory |
| 4 | 2692 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 4 | 2348 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Loads dropped DLL; Writes to the Master Boot Record (MBR); Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory |
| 5 | 884 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 5 | 2340 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Loads dropped DLL; Writes to the Master Boot Record (MBR); Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory |
| 6 | 1160 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 6 | 2768 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Loads dropped DLL; Writes to the Master Boot Record (MBR); Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory |
| 7 | 1168 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 7 | 2088 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Loads dropped DLL; Writes to the Master Boot Record (MBR); Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory |
| 8 | 2408 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 8 | 1544 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Loads dropped DLL; Writes to the Master Boot Record (MBR); Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory |
| 9 | 3012 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 9 | 2028 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Loads dropped DLL; Writes to the Master Boot Record (MBR); Suspicious use of SetWindowsHookEx |
| 10 | 2016 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 10 | 1752 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Loads dropped DLL; Writes to the Master Boot Record (MBR); Suspicious use of SetWindowsHookEx |
| 11 | 1696 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 11 | 2544 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Loads dropped DLL; Writes to the Master Boot Record (MBR); Suspicious use of SetWindowsHookEx |
| 12 | 2636 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 12 | 2796 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 13 | 2448 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 13 | 1536 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 14 | 2552 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 14 | 2396 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 15 | 1996 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 15 | 2820 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 16 | 488 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 16 | 832 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 17 | 2400 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 17 | 2344 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 18 | 564 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 18 | 2092 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 19 | 2916 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 19 | 2372 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 20 | 2716 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 20 | 2636 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 21 | 1848 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 21 | 1756 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 22 | 2812 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 22 | 2284 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 23 | 1092 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 23 | 348 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 24 | 2212 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 24 | 564 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 25 | 2732 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 25 | 1748 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 26 | 636 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 26 | 2552 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 27 | 2724 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 27 | 2348 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 28 | 1696 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 28 | 2664 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 29 | 2368 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 29 | 3032 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 30 | 2572 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 30 | 2220 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 31 | 2420 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 31 | 2496 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 32 | 1672 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 32 | 2264 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 33 | 2636 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 33 | 3100 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 34 | 3200 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 34 | 3244 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 35 | 3340 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 35 | 3392 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 36 | 3472 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 36 | 3540 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 37 | 3644 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 37 | 3692 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 38 | 3780 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 38 | 3824 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 39 | 3920 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 39 | 3968 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 40 | 4064 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 40 | 3076 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 41 | 3256 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 41 | 3228 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 42 | 3104 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 42 | 3568 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 43 | 3668 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 43 | 3832 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 44 | 4000 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 44 | 4056 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 45 | 3212 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 45 | 3328 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 46 | 3512 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 46 | 3448 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 47 | 1004 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 47 | 3988 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 48 | 3100 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 48 | 3476 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 49 | 3948 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 49 | 3200 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 50 | 4000 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 50 | 4104 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 51 | 4168 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 51 | 4200 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 52 | 4296 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 52 | 4332 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 53 | 4408 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 53 | 4444 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 54 | 4540 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 54 | 4588 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 55 | 4668 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 55 | 4708 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 56 | 4796 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 56 | 4836 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE; Writes to the Master Boot Record (MBR) |
| 57 | 4932 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 57 | 4972 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | Executes dropped EXE |
| 58 | 5084 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 58 | 4120 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 59 | 4340 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 59 | 4320 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 60 | 3204 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 60 | 4544 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 61 | 4860 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 61 | 4796 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 62 | 4176 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 62 | 4836 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 63 | 4464 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 63 | 4604 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 64 | 1736 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 64 | 4544 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 65 | 4124 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 65 | 2500 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 66 | 4980 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 66 | 5132 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 67 | 5196 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 67 | 5232 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 68 | 5328 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 68 | 5372 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 69 | 5448 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 69 | 5496 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 70 | 5580 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 70 | 5616 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 71 | 5692 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 71 | 5740 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 72 | 5824 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 72 | 5872 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 73 | 5948 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 73 | 5988 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 74 | 6068 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 74 | 6116 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 75 | 4332 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 75 | 1016 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 76 | 5332 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 76 | 5556 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 77 | 5592 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 77 | 5804 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 78 | 5996 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 78 | 5964 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 79 | 5212 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 79 | 4980 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 80 | 1096 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 80 | 5752 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 81 | 6128 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 81 | 5392 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 82 | 5912 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 82 | 5996 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 83 | 6168 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 83 | 6216 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 84 | 6304 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 84 | 6344 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 85 | 6436 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 85 | 6472 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 86 | 6564 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 86 | 6604 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 87 | 6680 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 87 | 6724 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 88 | 6820 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 88 | 6856 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 89 | 6936 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 89 | 6976 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 90 | 7068 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 90 | 7108 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 91 | 5236 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 91 | 6272 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 92 | 6408 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 92 | 928 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 93 | 6532 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 93 | 6560 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 94 | 6788 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 94 | 6908 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 95 | 6936 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 95 | 7164 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 96 | 5964 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 96 | 7112 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 97 | 2100 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 97 | 2272 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 98 | 5064 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 98 | 7040 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 99 | 588 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 99 | 7092 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 100 | 2992 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 100 | 1140 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 101 | 5236 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 101 | 6612 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 102 | 4720 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 102 | 904 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
| 103 | 2720 | C:\Windows\SysWOW64\explorer.exe | explorer C:\Windows\SysWOW64\XP-AB9DB5FA | |
| 103 | 4688 | C:\Windows\SysWOW64\XP-AB9DB5FA.EXE | C:\Windows\system32\XP-AB9DB5FA.EXE | |
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:2456
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:2152
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:2260
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies registry class
PID:1772
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:1952
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies registry class
PID:1716
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:288
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:2888
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:2532
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:2172
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
PID:2996
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:2000
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:704
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:2164
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:616
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:1320
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
PID:872
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:2764
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:2980
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:2760
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:1660
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
PID:1528
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:2904
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:2752
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
PID:2304
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:1536
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:2284
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
PID:2084
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
PID:1816
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:880
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:1800
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:3092
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:3236
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:3384
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:3528
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:3684
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
PID:3816
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
PID:3960
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:2220
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:3220
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:3560
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:3788
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:3924
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
- Modifies Internet Explorer settings
PID:2420
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
- Modifies registry class
PID:3556
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
- Modifies registry class
PID:3940
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
- Modifies Internet Explorer settings
PID:3516
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
- Modifies Internet Explorer settings
- Modifies registry class
PID:2572
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
- Modifies Internet Explorer settings
- Modifies registry class
PID:3948
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
- Modifies Internet Explorer settings
- Modifies registry class
PID:4192
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
- Modifies Internet Explorer settings
PID:4324
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:4436
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
- Modifies registry class
PID:4580
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:4700
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:4828
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:4964
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:4112
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:4104
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:4556
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:4820
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:5084
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:4120
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:4972
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:4876
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:5124
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:5224
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:5364
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:5484
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:5608
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:5732
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:5864
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:5980
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:6108
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:5296
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:5512
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:5684
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:5976
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:5248
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:5580
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:5332
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:5804
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:6208
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:6332
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:6464
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:6596
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:6716
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:6848
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:6968
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:7100
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:6232
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:964
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:6656
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:6608
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:6860
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:6492
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:2620
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:1664
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:7160
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:6304
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:3012
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:2312
-
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
PID:2484
Network
MITRE ATT&CK Enterprise v15
Downloads