88c3bef2b165566d6c3754b28b97136635f8607d14c2b1d3acba58775bb54bf9

Analysis

max time kernel
6s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 11:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3471559d03285d0a137fd49a35dff65f_JaffaCakes118.exe
Size

1.4MB
MD5

3471559d03285d0a137fd49a35dff65f
SHA1

87c54386b8d06389e0c24238a312144976ff7fe4
SHA256

88c3bef2b165566d6c3754b28b97136635f8607d14c2b1d3acba58775bb54bf9
SHA512

efc9472e376a16ff0dc05995e32ff5c4a14164ad609dd24fa8ebb98d39cf4e083a9c6fac618b747eab44ba160e66c782386b9da65a081950a1170d15853741d9
SSDEEP

24576:EvOte8kvO25n5awhvTVAeXXjvK1PDZEZx6u53MHmhF7VdNO0l2uaaUVP7MoJOwuu:ETZXzvJZxT530+1V/flfaaUVfOwuD3W1

Score

7^/10

bootkit persistence

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
4584	BFA1C7.EXE
1848	BFA1C7.EXE
4720	BFA1C7.EXE
1540	BFA1C7.EXE
3248	BFA1C7.EXE
2864	BFA1C7.EXE
4724	BFA1C7.EXE

Loads dropped DLL 49 IoCs

pid	Process
2332	3471559d03285d0a137fd49a35dff65f_JaffaCakes118.exe
2332	3471559d03285d0a137fd49a35dff65f_JaffaCakes118.exe
2332	3471559d03285d0a137fd49a35dff65f_JaffaCakes118.exe
2332	3471559d03285d0a137fd49a35dff65f_JaffaCakes118.exe
2332	3471559d03285d0a137fd49a35dff65f_JaffaCakes118.exe
2332	3471559d03285d0a137fd49a35dff65f_JaffaCakes118.exe
2332	3471559d03285d0a137fd49a35dff65f_JaffaCakes118.exe
4584	BFA1C7.EXE
4584	BFA1C7.EXE
4584	BFA1C7.EXE
4584	BFA1C7.EXE
4584	BFA1C7.EXE
4584	BFA1C7.EXE
4584	BFA1C7.EXE
1848	BFA1C7.EXE
1848	BFA1C7.EXE
1848	BFA1C7.EXE
1848	BFA1C7.EXE
1848	BFA1C7.EXE
1848	BFA1C7.EXE
1848	BFA1C7.EXE
4720	BFA1C7.EXE
4720	BFA1C7.EXE
4720	BFA1C7.EXE
4720	BFA1C7.EXE
4720	BFA1C7.EXE
4720	BFA1C7.EXE
4720	BFA1C7.EXE
1540	BFA1C7.EXE
1540	BFA1C7.EXE
1540	BFA1C7.EXE
1540	BFA1C7.EXE
1540	BFA1C7.EXE
1540	BFA1C7.EXE
1540	BFA1C7.EXE
3248	BFA1C7.EXE
3248	BFA1C7.EXE
3248	BFA1C7.EXE
3248	BFA1C7.EXE
3248	BFA1C7.EXE
3248	BFA1C7.EXE
3248	BFA1C7.EXE
2864	BFA1C7.EXE
2864	BFA1C7.EXE
2864	BFA1C7.EXE
2864	BFA1C7.EXE
2864	BFA1C7.EXE
2864	BFA1C7.EXE
2864	BFA1C7.EXE

Writes to the Master Boot Record (MBR) 1 TTPs 7 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	3471559d03285d0a137fd49a35dff65f_JaffaCakes118.exe
File opened for modification	\??\PhysicalDrive0	BFA1C7.EXE
File opened for modification	\??\PhysicalDrive0	BFA1C7.EXE
File opened for modification	\??\PhysicalDrive0	BFA1C7.EXE
File opened for modification	\??\PhysicalDrive0	BFA1C7.EXE
File opened for modification	\??\PhysicalDrive0	BFA1C7.EXE
File opened for modification	\??\PhysicalDrive0	BFA1C7.EXE

Drops file in System32 directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\046D17	3471559d03285d0a137fd49a35dff65f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\70B97F	3471559d03285d0a137fd49a35dff65f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\497A92	3471559d03285d0a137fd49a35dff65f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\046D17\BFA1C7.EXE	3471559d03285d0a137fd49a35dff65f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\046D17\BFA1C7.EXE	3471559d03285d0a137fd49a35dff65f_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 14 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe

Modifies registry class 51 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4744	explorer.exe

Suspicious use of SetWindowsHookEx 50 IoCs

pid	Process
2332	3471559d03285d0a137fd49a35dff65f_JaffaCakes118.exe
2332	3471559d03285d0a137fd49a35dff65f_JaffaCakes118.exe
2332	3471559d03285d0a137fd49a35dff65f_JaffaCakes118.exe
2332	3471559d03285d0a137fd49a35dff65f_JaffaCakes118.exe
2332	3471559d03285d0a137fd49a35dff65f_JaffaCakes118.exe
2332	3471559d03285d0a137fd49a35dff65f_JaffaCakes118.exe
4584	BFA1C7.EXE
4584	BFA1C7.EXE
4584	BFA1C7.EXE
4584	BFA1C7.EXE
4584	BFA1C7.EXE
4584	BFA1C7.EXE
1848	BFA1C7.EXE
1848	BFA1C7.EXE
1848	BFA1C7.EXE
1848	BFA1C7.EXE
1848	BFA1C7.EXE
1848	BFA1C7.EXE
4744	explorer.exe
4744	explorer.exe
4720	BFA1C7.EXE
4720	BFA1C7.EXE
4720	BFA1C7.EXE
4720	BFA1C7.EXE
4720	BFA1C7.EXE
4720	BFA1C7.EXE
4516	explorer.exe
4516	explorer.exe
1540	BFA1C7.EXE
1540	BFA1C7.EXE
1540	BFA1C7.EXE
1540	BFA1C7.EXE
1540	BFA1C7.EXE
1540	BFA1C7.EXE
3248	BFA1C7.EXE
3248	BFA1C7.EXE
3248	BFA1C7.EXE
3248	BFA1C7.EXE
3248	BFA1C7.EXE
3248	BFA1C7.EXE
2092	explorer.exe
2092	explorer.exe
2864	BFA1C7.EXE
2864	BFA1C7.EXE
2864	BFA1C7.EXE
2864	BFA1C7.EXE
2864	BFA1C7.EXE
688	explorer.exe
688	explorer.exe
2864	BFA1C7.EXE

Suspicious use of WriteProcessMemory 42 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 3516	2332	3471559d03285d0a137fd49a35dff65f_JaffaCakes118.exe	85
PID 2332 wrote to memory of 3516	2332	3471559d03285d0a137fd49a35dff65f_JaffaCakes118.exe	85
PID 2332 wrote to memory of 3516	2332	3471559d03285d0a137fd49a35dff65f_JaffaCakes118.exe	85
PID 2332 wrote to memory of 4584	2332	3471559d03285d0a137fd49a35dff65f_JaffaCakes118.exe	87
PID 2332 wrote to memory of 4584	2332	3471559d03285d0a137fd49a35dff65f_JaffaCakes118.exe	87
PID 2332 wrote to memory of 4584	2332	3471559d03285d0a137fd49a35dff65f_JaffaCakes118.exe	87
PID 4584 wrote to memory of 2476	4584	BFA1C7.EXE	88
PID 4584 wrote to memory of 2476	4584	BFA1C7.EXE	88
PID 4584 wrote to memory of 2476	4584	BFA1C7.EXE	88
PID 4584 wrote to memory of 1848	4584	BFA1C7.EXE	89
PID 4584 wrote to memory of 1848	4584	BFA1C7.EXE	89
PID 4584 wrote to memory of 1848	4584	BFA1C7.EXE	89
PID 1848 wrote to memory of 1444	1848	BFA1C7.EXE	91
PID 1848 wrote to memory of 1444	1848	BFA1C7.EXE	91
PID 1848 wrote to memory of 1444	1848	BFA1C7.EXE	91
PID 1848 wrote to memory of 4720	1848	BFA1C7.EXE	127
PID 1848 wrote to memory of 4720	1848	BFA1C7.EXE	127
PID 1848 wrote to memory of 4720	1848	BFA1C7.EXE	127
PID 4720 wrote to memory of 3284	4720	BFA1C7.EXE	249
PID 4720 wrote to memory of 3284	4720	BFA1C7.EXE	249
PID 4720 wrote to memory of 3284	4720	BFA1C7.EXE	249
PID 4720 wrote to memory of 1540	4720	BFA1C7.EXE	95
PID 4720 wrote to memory of 1540	4720	BFA1C7.EXE	95
PID 4720 wrote to memory of 1540	4720	BFA1C7.EXE	95
PID 1540 wrote to memory of 4396	1540	BFA1C7.EXE	125
PID 1540 wrote to memory of 4396	1540	BFA1C7.EXE	125
PID 1540 wrote to memory of 4396	1540	BFA1C7.EXE	125
PID 1540 wrote to memory of 3248	1540	BFA1C7.EXE	98
PID 1540 wrote to memory of 3248	1540	BFA1C7.EXE	98
PID 1540 wrote to memory of 3248	1540	BFA1C7.EXE	98
PID 3248 wrote to memory of 1580	3248	BFA1C7.EXE	100
PID 3248 wrote to memory of 1580	3248	BFA1C7.EXE	100
PID 3248 wrote to memory of 1580	3248	BFA1C7.EXE	100
PID 3248 wrote to memory of 2864	3248	BFA1C7.EXE	101
PID 3248 wrote to memory of 2864	3248	BFA1C7.EXE	101
PID 3248 wrote to memory of 2864	3248	BFA1C7.EXE	101
PID 2864 wrote to memory of 4468	2864	BFA1C7.EXE	130
PID 2864 wrote to memory of 4468	2864	BFA1C7.EXE	130
PID 2864 wrote to memory of 4468	2864	BFA1C7.EXE	130
PID 2864 wrote to memory of 4724	2864	BFA1C7.EXE	104
PID 2864 wrote to memory of 4724	2864	BFA1C7.EXE	104
PID 2864 wrote to memory of 4724	2864	BFA1C7.EXE	104

C:\Users\Admin\AppData\Local\Temp\3471559d03285d0a137fd49a35dff65f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3471559d03285d0a137fd49a35dff65f_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Windows\SysWOW64\explorer.exe
  explorer C:\Users\Admin\AppData\Local\Temp\3471559d03285d0a137fd49a35dff65f_JaffaCakes118
  2⤵
  PID:3516
- C:\Windows\SysWOW64\046D17\BFA1C7.EXE
  C:\Windows\system32\046D17\BFA1C7.EXE
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4584
- - C:\Windows\SysWOW64\explorer.exe
    explorer C:\Windows\SysWOW64\046D17\BFA1C7
    3⤵
    PID:2476
- - C:\Windows\SysWOW64\046D17\BFA1C7.EXE
    C:\Windows\system32\046D17\BFA1C7.EXE
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Writes to the Master Boot Record (MBR)
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1848
  - - C:\Windows\SysWOW64\explorer.exe
      explorer C:\Windows\SysWOW64\046D17\BFA1C7
      4⤵
      PID:1444
  - - C:\Windows\SysWOW64\046D17\BFA1C7.EXE
      C:\Windows\system32\046D17\BFA1C7.EXE
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Writes to the Master Boot Record (MBR)
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4720
    - - C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        5⤵
        
        PID:3284
    - - C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1540
      - C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        6⤵
        
        PID:4396
      - C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3248
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        7⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2864
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        8⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        8⤵
        Executes dropped EXE
        
        PID:4724
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        9⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        9⤵
        
        PID:208
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        10⤵
        
        PID:636
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        10⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        11⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        11⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        12⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        12⤵
        
        PID:4948
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        13⤵
        
        PID:3236
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        13⤵
        
        PID:3888
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        14⤵
        
        PID:2344
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        14⤵
        
        PID:5092
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        15⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        15⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        16⤵
        
        PID:3252
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        16⤵
        
        PID:2892
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        17⤵
        
        PID:340
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        17⤵
        
        PID:3828
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        18⤵
        
        PID:3788
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        18⤵
        
        PID:3488
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        19⤵
        
        PID:4696
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        19⤵
        
        PID:3392
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        20⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        20⤵
        
        PID:3156
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        21⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        21⤵
        
        PID:3200
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        22⤵
        
        PID:1016
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        22⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        23⤵
        
        PID:4324
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        23⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        24⤵
        
        PID:3108
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        24⤵
        
        PID:2772
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        25⤵
        
        PID:3700
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        25⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        26⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        26⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        27⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        27⤵
        
        PID:2456
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        28⤵
        
        PID:3768
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        28⤵
        
        PID:3104
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        29⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        29⤵
        
        PID:5148
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        30⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        30⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        31⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        31⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        32⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        32⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        33⤵
        
        PID:5856
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        33⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        34⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        34⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        35⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        35⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        36⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        36⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        37⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        37⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        38⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        38⤵
        
        PID:1836
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        39⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        39⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        40⤵
        
        PID:3200
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        40⤵
        
        PID:5416
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        41⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        41⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        42⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        42⤵
        
        PID:5856
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        43⤵
        
        PID:748
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        43⤵
        
        PID:6036
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        44⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        44⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        45⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        45⤵
        
        PID:6088
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        46⤵
        
        PID:5856
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        46⤵
        
        PID:5012
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        47⤵
        
        PID:932
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        47⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        48⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        48⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        49⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        49⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        50⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        50⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        51⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        51⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        52⤵
        
        PID:6856
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        52⤵
        
        PID:6900
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        53⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        53⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        54⤵
        
        PID:6088
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        54⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        55⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        55⤵
        
        PID:3284
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        56⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        56⤵
        
        PID:4924
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        57⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        57⤵
        
        PID:3528
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        58⤵
        
        PID:1228
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        58⤵
        
        PID:1320
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        59⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        59⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        60⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        60⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        61⤵
        
        PID:2360
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        61⤵
        
        PID:6428
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        62⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        62⤵
        
        PID:3924
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        63⤵
        
        PID:5824
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        63⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        64⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        64⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        65⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        65⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        66⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        66⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        67⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        67⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        68⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        68⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        69⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        69⤵
        
        PID:7808
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        70⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        70⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        71⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        71⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        72⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        72⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        73⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        73⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        74⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        74⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        75⤵
        
        PID:7600
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        75⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        76⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        76⤵
        
        PID:8160
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        77⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        77⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        78⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        78⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        79⤵
        
        PID:7296
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        79⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        80⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        80⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        81⤵
        
        PID:8080
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        81⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        82⤵
        
        PID:2212
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        82⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        83⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        83⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        84⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        84⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        85⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        85⤵
        
        PID:552
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        86⤵
        
        PID:8312
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        86⤵
        
        PID:8384
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        87⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        87⤵
        
        PID:8596
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        88⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        88⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        89⤵
        
        PID:8832
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        89⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        90⤵
        
        PID:8984
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        90⤵
        
        PID:9036
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        91⤵
        
        PID:9144
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        91⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        92⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        92⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        93⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        93⤵
        
        PID:8544
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        94⤵
        
        PID:8400
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        94⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        95⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        95⤵
        
        PID:8988
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        96⤵
        
        PID:9056
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        96⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        97⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        97⤵
        
        PID:1904
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        98⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        98⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        99⤵
        
        PID:1080
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        99⤵
        
        PID:4024
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        100⤵
        
        PID:1944
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        100⤵
        
        PID:8988
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        101⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        101⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        102⤵
        
        PID:1600
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        102⤵
        
        PID:8632
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        103⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        103⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        104⤵
        
        PID:2212
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        104⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        105⤵
        
        PID:892
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        105⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        106⤵
        
        PID:3436
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        106⤵
        
        PID:3984
        
        C:\Windows\SysWOW64\explorer.exe
        
        explorer C:\Windows\SysWOW64\046D17\BFA1C7
        107⤵
        
        PID:9272
        
        C:\Windows\SysWOW64\046D17\BFA1C7.EXE
        
        C:\Windows\system32\046D17\BFA1C7.EXE
        107⤵
        
        PID:9316

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4744

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4516

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2092

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:688

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies registry class
PID:3472

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies registry class
PID:3232

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1940

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:796

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3280

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:436

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2664

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:776

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3540

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4720

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4468

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:332

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3724

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3452

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3112

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4636

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1680

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2040

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2860

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3308

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2836

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1256

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:988

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5160

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5332

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5536

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5736

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5920

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6092

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5356

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5176

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5944

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6076

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4512

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5168

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2256

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4728

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5688

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2264

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4048

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3036

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3492

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6300

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6432

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6584

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6768

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6908

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7164

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4972

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6320

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6508

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2676

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2708

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5532

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6544

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5588

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5972

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6188

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2572

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1084

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7316

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7508

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7632

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7800

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7976

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:8108

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3924

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7260

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1568

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7780

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:8164

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:8136

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7304

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6408

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7744

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:8052

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3480

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6732

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7312

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5292

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:8392

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:8604

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:8720

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:8884

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:9044

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:9192

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6048

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:8576

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4472

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7680

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:9144

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:8612

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:8528

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:4668

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:6088

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:9152

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:8976

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:7760

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3496

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:8632

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:8304

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:9304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\E_4\RegEx.fnr

Filesize
212KB

MD5
86a24830826fb6ec43756a3cec45e180

SHA1
191b4cba3f1fe657f68e1474d94c3ce6867035cc

SHA256
73a0e179a4676b6d5ffaf0306e999fad201c588847acbf072a0448c157163eb3

SHA512
c3246434d10ebd26b66b6067cf118ce941cfa31677b180826a915c661e310b0b514cb1b9882fdaf1aeba7aaf70b19a2e8291f14b9066ec0d29a1d6d44378f431

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\com.run

Filesize
264KB

MD5
2f31a4260cf89c3ed00a6d455ce1ec1a

SHA1
030a3f68141062b7e6c5ef9c4ba221967443b62b

SHA256
201173bf95b4a096b15835203ef271004aee5e6a18c99d9ab0f3aa92e70b53ee

SHA512
94fa0c1b57d229489f82789ecaa88010352f497f256ea8d77524bf1ce3a0aa5096dd08ff2ea5e9e15c0bfcfee43d96736e14ffaa35de6f8d77d3b94d6d252e61

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\dp1.fne

Filesize
112KB

MD5
c846eeab065cb2fc23e128a832197057

SHA1
5ab50cc5490b5e8009496db0a8796fec62b687bb

SHA256
eaef2da2cd5463291a02dbb73a25a2e0e9034691e21cbd9e69e52ee483eebbf7

SHA512
92047b2867193af531e83bb82ce9c16b09520f8e0b4f140887b217c88739ee4e59b970a273f01e34340b6f6a56e42e7b34862b630528717a9beecb9b117e58e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\eAPI.fne

Filesize
316KB

MD5
ab084d2267d7ab09a6bb3c8a09e093bb

SHA1
d30f41fd6b2c574e153d6b2c48adbaca6bd4a04a

SHA256
38b2b0ce08aa617bd2a541ce43e3d68f57a6199bd432dc80b12676a005f92758

SHA512
0509402d0b78d355fb0f81c34a4cc2817821ec0ce5476c8faa113a184f68e4a65b2c6289bc3e054ab52a451be34f8147e96b5130b24da9f01cbc17379e975d78

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\internet.fne

Filesize
180KB

MD5
b59dbbfc4c97ad6c19c12573bededcee

SHA1
82bdc09ef9218efc1bd370e9b24341c7fdeb424d

SHA256
71c010843f94da623636c4d42f26dbe28784774ce96381f78dc2deb0ae028c0e

SHA512
5f28df0dba218cf04af599ad351bd59de75b8f4f6eca4e6f38417fbc860e1280f2b2a8a361823a1a4c96082e08313530103728bc3af4ee73e90aeec8c1865be7

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\krnln.fnr

Filesize
1.0MB

MD5
2eae38a1ddb969425dbd2a1203789f25

SHA1
7566a0c64025c510d4119dad99b0d27767217e47

SHA256
af1f382e9df00cfc710b7bfa677df2f275bd0f93c7e0ddc239930c1fa4d7e8b6

SHA512
25c4dd7bcad6a60e34ef9a5d8047822709a533eb49152f7d9d4981c3bd77bdb0687a2ab462c8586af1d7d305334993a2d81b89b1a63d63a1cac66c30489f5813

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\shell.fne

Filesize
40KB

MD5
08b6b94f403e703f09b7f685689aa586

SHA1
a8c759abc2c7fb20675809e1f600a6ee9101d958

SHA256
2c1ace790a79b5dfc61b763f019076edc7ad78dbadaef2638ba43558a34384e9

SHA512
8feb62641090f24fbd6ec18365af28bb57bd440aba11bf8fe651bbe5c50fbe9a70535618aee3b33a7e49a8e299dd68120abd1a2f9b5506e68e4619c688b7fc3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\spec.fne

Filesize
72KB

MD5
a6768c6f33ced9313532181750db9d7e

SHA1
b8c9873259c716c3c83374a8e2239388c3557362

SHA256
f0efe8b7e163754d59445040693b79551580bb49e0d29716d953596edf2aefde

SHA512
a0e592c88b07a18a127f4f45f01982a572889543622c570110a763a60f4b526ba8b0e99315ab1e1a6dc9b4d8484c98132df1fdbdeb5eea41496a8922f86789fb

Download Submit
C:\Windows\SysWOW64\046D17\BFA1C7.EXE

Filesize
1.4MB

MD5
3471559d03285d0a137fd49a35dff65f

SHA1
87c54386b8d06389e0c24238a312144976ff7fe4

SHA256
88c3bef2b165566d6c3754b28b97136635f8607d14c2b1d3acba58775bb54bf9

SHA512
efc9472e376a16ff0dc05995e32ff5c4a14164ad609dd24fa8ebb98d39cf4e083a9c6fac618b747eab44ba160e66c782386b9da65a081950a1170d15853741d9

Download Submit
memory/208-188-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/208-166-0x00000000022E0000-0x000000000232B000-memory.dmp

Filesize
300KB

Download
memory/208-168-0x0000000002910000-0x000000000292E000-memory.dmp

Filesize
120KB

Download
memory/208-187-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/208-167-0x0000000002760000-0x0000000002771000-memory.dmp

Filesize
68KB

Download
memory/208-165-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1540-154-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1540-155-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/1540-124-0x0000000002600000-0x0000000002611000-memory.dmp

Filesize
68KB

Download
memory/1540-116-0x00000000021B0000-0x00000000021FB000-memory.dmp

Filesize
300KB

Download
memory/1540-117-0x00000000021B0000-0x00000000021FB000-memory.dmp

Filesize
300KB

Download
memory/1540-113-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1540-125-0x0000000002620000-0x000000000263E000-memory.dmp

Filesize
120KB

Download
memory/1848-70-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1848-79-0x00000000026C0000-0x00000000026D1000-memory.dmp

Filesize
68KB

Download
memory/1848-134-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1848-80-0x00000000026E0000-0x00000000026FE000-memory.dmp

Filesize
120KB

Download
memory/1848-74-0x0000000002230000-0x000000000227B000-memory.dmp

Filesize
300KB

Download
memory/1848-135-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/1848-71-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/2080-179-0x00000000027B0000-0x00000000027C1000-memory.dmp

Filesize
68KB

Download
memory/2080-175-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/2080-197-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2080-178-0x00000000021E0000-0x000000000222B000-memory.dmp

Filesize
300KB

Download
memory/2080-198-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/2080-180-0x0000000002920000-0x000000000293E000-memory.dmp

Filesize
120KB

Download
memory/2332-95-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2332-96-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/2332-10-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/2332-17-0x00000000022E0000-0x000000000232B000-memory.dmp

Filesize
300KB

Download
memory/2332-24-0x0000000002620000-0x0000000002631000-memory.dmp

Filesize
68KB

Download
memory/2332-0-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2332-30-0x0000000002650000-0x000000000266E000-memory.dmp

Filesize
120KB

Download
memory/2444-206-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2444-185-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/2444-189-0x0000000002710000-0x0000000002721000-memory.dmp

Filesize
68KB

Download
memory/2444-190-0x0000000002730000-0x000000000274E000-memory.dmp

Filesize
120KB

Download
memory/2444-207-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/2444-186-0x0000000002330000-0x000000000237B000-memory.dmp

Filesize
300KB

Download
memory/2864-147-0x00000000022D0000-0x000000000231B000-memory.dmp

Filesize
300KB

Download
memory/2864-149-0x0000000002810000-0x000000000282E000-memory.dmp

Filesize
120KB

Download
memory/2864-148-0x00000000026E0000-0x00000000026F1000-memory.dmp

Filesize
68KB

Download
memory/2864-146-0x00000000022D0000-0x000000000231B000-memory.dmp

Filesize
300KB

Download
memory/2864-170-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/2864-169-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2864-143-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/2892-241-0x0000000002130000-0x000000000217B000-memory.dmp

Filesize
300KB

Download
memory/2892-238-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/3248-138-0x0000000002500000-0x000000000251E000-memory.dmp

Filesize
120KB

Download
memory/3248-137-0x00000000024E0000-0x00000000024F1000-memory.dmp

Filesize
68KB

Download
memory/3248-159-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/3248-160-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/3248-136-0x0000000002130000-0x000000000217B000-memory.dmp

Filesize
300KB

Download
memory/3888-212-0x0000000002F70000-0x0000000002F8E000-memory.dmp

Filesize
120KB

Download
memory/3888-208-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/3888-209-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/3888-230-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/3888-210-0x0000000002300000-0x000000000234B000-memory.dmp

Filesize
300KB

Download
memory/3888-229-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/3888-211-0x0000000002840000-0x0000000002851000-memory.dmp

Filesize
68KB

Download
memory/4584-36-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/4584-47-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/4584-119-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/4584-118-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/4584-58-0x0000000002FB0000-0x0000000002FC1000-memory.dmp

Filesize
68KB

Download
memory/4584-51-0x0000000002190000-0x00000000021DB000-memory.dmp

Filesize
300KB

Download
memory/4584-59-0x00000000030D0000-0x00000000030EE000-memory.dmp

Filesize
120KB

Download
memory/4656-228-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/4656-231-0x00000000022F0000-0x000000000233B000-memory.dmp

Filesize
300KB

Download
memory/4656-225-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/4656-233-0x0000000002710000-0x000000000272E000-memory.dmp

Filesize
120KB

Download
memory/4656-232-0x00000000026F0000-0x0000000002701000-memory.dmp

Filesize
68KB

Download
memory/4720-91-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/4720-94-0x0000000002210000-0x000000000225B000-memory.dmp

Filesize
300KB

Download
memory/4720-102-0x00000000026F0000-0x000000000270E000-memory.dmp

Filesize
120KB

Download
memory/4720-101-0x00000000026D0000-0x00000000026E1000-memory.dmp

Filesize
68KB

Download
memory/4720-144-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/4720-145-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/4724-157-0x00000000024E0000-0x00000000024F1000-memory.dmp

Filesize
68KB

Download
memory/4724-177-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/4724-156-0x0000000002110000-0x000000000215B000-memory.dmp

Filesize
300KB

Download
memory/4724-158-0x0000000002500000-0x000000000251E000-memory.dmp

Filesize
120KB

Download
memory/4724-176-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/4948-200-0x0000000003070000-0x000000000308E000-memory.dmp

Filesize
120KB

Download
memory/4948-199-0x0000000002F50000-0x0000000002F61000-memory.dmp

Filesize
68KB

Download
memory/4948-201-0x0000000003070000-0x000000000308E000-memory.dmp

Filesize
120KB

Download
memory/4948-196-0x0000000002010000-0x000000000205B000-memory.dmp

Filesize
300KB

Download
memory/4948-195-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/4948-219-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/4948-220-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/5092-221-0x00000000023F0000-0x0000000002401000-memory.dmp

Filesize
68KB

Download
memory/5092-217-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/5092-222-0x0000000002830000-0x000000000284E000-memory.dmp

Filesize
120KB

Download
memory/5092-239-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/5092-240-0x0000000010000000-0x000000001011C000-memory.dmp

Filesize
1.1MB

Download
memory/5092-218-0x0000000002290000-0x00000000022DB000-memory.dmp

Filesize
300KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads