9e168a8a36d60c0210e0c5aa0e1d0ae53014c078f98b10a4d40948702e3bc931

General

Target

366537b87b21452cfbb8b18d317bb423_JaffaCakes118.exe
Size

101KB
MD5

366537b87b21452cfbb8b18d317bb423
SHA1

2697a80c631f0171726206fb0e4ddaf9c4ea1a0e
SHA256

9e168a8a36d60c0210e0c5aa0e1d0ae53014c078f98b10a4d40948702e3bc931
SHA512

11300fc8ef49e42d762b50b0c5cbfc83d0abc26e318c5e177ef1506794f941d45a9d5f56f7f3a86abd273a6c712cc9c7564a65c29e624bcbce22937c5a7a81b0
SSDEEP

3072:UHNFe+yARnRD68wbbeDL4/mdXtqbBaYY/:UHNo+yARRD68w+X4/8Xt+Bxs

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 61 IoCs

Processes:

iexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exe

pid	process
1664	iexplorer-.exe
2820	iexplorer-.exe
2836	iexplorer-.exe
2604	iexplorer-.exe
2628	iexplorer-.exe
2312	iexplorer-.exe
1616	iexplorer-.exe
2136	iexplorer-.exe
1784	iexplorer-.exe
2616	iexplorer-.exe
2748	iexplorer-.exe
2852	iexplorer-.exe
1036	iexplorer-.exe
924	iexplorer-.exe
2320	iexplorer-.exe
2096	iexplorer-.exe
2092	iexplorer-.exe
2196	iexplorer-.exe
2464	iexplorer-.exe
2392	iexplorer-.exe
1480	iexplorer-.exe
2024	iexplorer-.exe
1728	iexplorer-.exe
596	iexplorer-.exe
2240	iexplorer-.exe
996	iexplorer-.exe
2364	iexplorer-.exe
1552	iexplorer-.exe
2156	iexplorer-.exe
1572	iexplorer-.exe
2192	iexplorer-.exe
2596	iexplorer-.exe
1988	iexplorer-.exe
1812	iexplorer-.exe
324	iexplorer-.exe
2180	iexplorer-.exe
340	iexplorer-.exe
2296	iexplorer-.exe
3092	iexplorer-.exe
3128	iexplorer-.exe
3168	iexplorer-.exe
3216	iexplorer-.exe
3256	iexplorer-.exe
3300	iexplorer-.exe
3336	iexplorer-.exe
3380	iexplorer-.exe
3420	iexplorer-.exe
3464	iexplorer-.exe
3508	iexplorer-.exe
3548	iexplorer-.exe
3588	iexplorer-.exe
3624	iexplorer-.exe
3664	iexplorer-.exe
3708	iexplorer-.exe
3748	iexplorer-.exe
3784	iexplorer-.exe
3832	iexplorer-.exe
3872	iexplorer-.exe
3908	iexplorer-.exe
3944	iexplorer-.exe
3988	iexplorer-.exe

Loads dropped DLL 64 IoCs

Processes:

366537b87b21452cfbb8b18d317bb423_JaffaCakes118.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exe

pid	process
1292	366537b87b21452cfbb8b18d317bb423_JaffaCakes118.exe
1292	366537b87b21452cfbb8b18d317bb423_JaffaCakes118.exe
1664	iexplorer-.exe
1664	iexplorer-.exe
2820	iexplorer-.exe
2820	iexplorer-.exe
2836	iexplorer-.exe
2836	iexplorer-.exe
2604	iexplorer-.exe
2604	iexplorer-.exe
2628	iexplorer-.exe
2628	iexplorer-.exe
2312	iexplorer-.exe
2312	iexplorer-.exe
1616	iexplorer-.exe
1616	iexplorer-.exe
2136	iexplorer-.exe
2136	iexplorer-.exe
1784	iexplorer-.exe
1784	iexplorer-.exe
2616	iexplorer-.exe
2616	iexplorer-.exe
2748	iexplorer-.exe
2748	iexplorer-.exe
2852	iexplorer-.exe
2852	iexplorer-.exe
1036	iexplorer-.exe
1036	iexplorer-.exe
924	iexplorer-.exe
924	iexplorer-.exe
2320	iexplorer-.exe
2320	iexplorer-.exe
2096	iexplorer-.exe
2096	iexplorer-.exe
2092	iexplorer-.exe
2092	iexplorer-.exe
2196	iexplorer-.exe
2196	iexplorer-.exe
2464	iexplorer-.exe
2464	iexplorer-.exe
2392	iexplorer-.exe
2392	iexplorer-.exe
1480	iexplorer-.exe
1480	iexplorer-.exe
2024	iexplorer-.exe
2024	iexplorer-.exe
1728	iexplorer-.exe
1728	iexplorer-.exe
596	iexplorer-.exe
596	iexplorer-.exe
2240	iexplorer-.exe
2240	iexplorer-.exe
996	iexplorer-.exe
996	iexplorer-.exe
2364	iexplorer-.exe
2364	iexplorer-.exe
1552	iexplorer-.exe
1552	iexplorer-.exe
2156	iexplorer-.exe
2156	iexplorer-.exe
1572	iexplorer-.exe
1572	iexplorer-.exe
2192	iexplorer-.exe
2192	iexplorer-.exe

Adds Run key to start application 2 TTPs 62 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

iexplorer-.exe366537b87b21452cfbb8b18d317bb423_JaffaCakes118.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	366537b87b21452cfbb8b18d317bb423_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iexplorer- = "C:\\Windows\\system32\\iexplorer-.exe"	iexplorer-.exe

Modifies WinLogon 2 TTPs 64 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

Processes:

iexplorer-.exeiexplorer-.exeiexplorer-.exe366537b87b21452cfbb8b18d317bb423_JaffaCakes118.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Logon = "WLEvtLogon"	iexplorer-.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Asynchronous = "0"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Logoff = "WLEvtLogoff"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Lock = "WLEvtLock"	366537b87b21452cfbb8b18d317bb423_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\DllName = "iexplorer-.dll"	iexplorer-.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Impersonate = "0"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Logon = "WLEvtLogon"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Logon = "WLEvtLogon"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Lock = "WLEvtLock"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Unlock = "WLEvtUnlock"	iexplorer-.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-	iexplorer-.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\DllName = "iexplorer-.dll"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Logoff = "WLEvtLogoff"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Lock = "WLEvtLock"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Unlock = "WLEvtUnlock"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Shutdown = "WLEvtShutdown"	iexplorer-.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Asynchronous = "0"	iexplorer-.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Impersonate = "0"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\DllName = "iexplorer-.dll"	iexplorer-.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\StopScreenSaver = "WLEvtStopScreenSaver"	iexplorer-.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Asynchronous = "0"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Logon = "WLEvtLogon"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\DllName = "iexplorer-.dll"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Startup = "WLEvtStartup"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Shutdown = "WLEvtShutdown"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Logon = "WLEvtLogon"	iexplorer-.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Logoff = "WLEvtLogoff"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Startup = "WLEvtStartup"	iexplorer-.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Impersonate = "0"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Logon = "WLEvtLogon"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\StopScreenSaver = "WLEvtStopScreenSaver"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Shutdown = "WLEvtShutdown"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\DllName = "iexplorer-.dll"	iexplorer-.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-	iexplorer-.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Logoff = "WLEvtLogoff"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Shutdown = "WLEvtShutdown"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Logon = "WLEvtLogon"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Unlock = "WLEvtUnlock"	iexplorer-.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Impersonate = "0"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Logoff = "WLEvtLogoff"	iexplorer-.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Asynchronous = "0"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Logon = "WLEvtLogon"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Lock = "WLEvtLock"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\StopScreenSaver = "WLEvtStopScreenSaver"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Lock = "WLEvtLock"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\DllName = "iexplorer-.dll"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\DllName = "iexplorer-.dll"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Startup = "WLEvtStartup"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\DllName = "iexplorer-.dll"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Logoff = "WLEvtLogoff"	iexplorer-.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Asynchronous = "0"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Startup = "WLEvtStartup"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\StopScreenSaver = "WLEvtStopScreenSaver"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Lock = "WLEvtLock"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Lock = "WLEvtLock"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\DllName = "iexplorer-.dll"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Startup = "WLEvtStartup"	iexplorer-.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Startup = "WLEvtStartup"	iexplorer-.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplorer-\Logoff = "WLEvtLogoff"	iexplorer-.exe

Drops file in System32 directory 64 IoCs

Processes:

iexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exe366537b87b21452cfbb8b18d317bb423_JaffaCakes118.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exe

description	ioc	process
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File opened for modification	C:\Windows\SysWOW64\iexplorer-.exe	366537b87b21452cfbb8b18d317bb423_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File opened for modification	C:\Windows\SysWOW64\iexplorer-.dll	366537b87b21452cfbb8b18d317bb423_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	366537b87b21452cfbb8b18d317bb423_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.dll	366537b87b21452cfbb8b18d317bb423_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe
File created	C:\Windows\SysWOW64\iexplorer-.exe	iexplorer-.exe

Drops file in Windows directory 1 IoCs

Processes:

366537b87b21452cfbb8b18d317bb423_JaffaCakes118.exe

description ioc process

File opened for modification C:\Windows\SysWOW64 366537b87b21452cfbb8b18d317bb423_JaffaCakes118.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File opened for modification	C:\Windows\SysWOW64	366537b87b21452cfbb8b18d317bb423_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

366537b87b21452cfbb8b18d317bb423_JaffaCakes118.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exeiexplorer-.exe

description	pid	process	target process
PID 1292 wrote to memory of 1664	1292	366537b87b21452cfbb8b18d317bb423_JaffaCakes118.exe	iexplorer-.exe
PID 1292 wrote to memory of 1664	1292	366537b87b21452cfbb8b18d317bb423_JaffaCakes118.exe	iexplorer-.exe
PID 1292 wrote to memory of 1664	1292	366537b87b21452cfbb8b18d317bb423_JaffaCakes118.exe	iexplorer-.exe
PID 1292 wrote to memory of 1664	1292	366537b87b21452cfbb8b18d317bb423_JaffaCakes118.exe	iexplorer-.exe
PID 1664 wrote to memory of 2820	1664	iexplorer-.exe	iexplorer-.exe
PID 1664 wrote to memory of 2820	1664	iexplorer-.exe	iexplorer-.exe
PID 1664 wrote to memory of 2820	1664	iexplorer-.exe	iexplorer-.exe
PID 1664 wrote to memory of 2820	1664	iexplorer-.exe	iexplorer-.exe
PID 2820 wrote to memory of 2836	2820	iexplorer-.exe	iexplorer-.exe
PID 2820 wrote to memory of 2836	2820	iexplorer-.exe	iexplorer-.exe
PID 2820 wrote to memory of 2836	2820	iexplorer-.exe	iexplorer-.exe
PID 2820 wrote to memory of 2836	2820	iexplorer-.exe	iexplorer-.exe
PID 2836 wrote to memory of 2604	2836	iexplorer-.exe	iexplorer-.exe
PID 2836 wrote to memory of 2604	2836	iexplorer-.exe	iexplorer-.exe
PID 2836 wrote to memory of 2604	2836	iexplorer-.exe	iexplorer-.exe
PID 2836 wrote to memory of 2604	2836	iexplorer-.exe	iexplorer-.exe
PID 2604 wrote to memory of 2628	2604	iexplorer-.exe	iexplorer-.exe
PID 2604 wrote to memory of 2628	2604	iexplorer-.exe	iexplorer-.exe
PID 2604 wrote to memory of 2628	2604	iexplorer-.exe	iexplorer-.exe
PID 2604 wrote to memory of 2628	2604	iexplorer-.exe	iexplorer-.exe
PID 2628 wrote to memory of 2312	2628	iexplorer-.exe	iexplorer-.exe
PID 2628 wrote to memory of 2312	2628	iexplorer-.exe	iexplorer-.exe
PID 2628 wrote to memory of 2312	2628	iexplorer-.exe	iexplorer-.exe
PID 2628 wrote to memory of 2312	2628	iexplorer-.exe	iexplorer-.exe
PID 2312 wrote to memory of 1616	2312	iexplorer-.exe	iexplorer-.exe
PID 2312 wrote to memory of 1616	2312	iexplorer-.exe	iexplorer-.exe
PID 2312 wrote to memory of 1616	2312	iexplorer-.exe	iexplorer-.exe
PID 2312 wrote to memory of 1616	2312	iexplorer-.exe	iexplorer-.exe
PID 1616 wrote to memory of 2136	1616	iexplorer-.exe	iexplorer-.exe
PID 1616 wrote to memory of 2136	1616	iexplorer-.exe	iexplorer-.exe
PID 1616 wrote to memory of 2136	1616	iexplorer-.exe	iexplorer-.exe
PID 1616 wrote to memory of 2136	1616	iexplorer-.exe	iexplorer-.exe
PID 2136 wrote to memory of 1784	2136	iexplorer-.exe	iexplorer-.exe
PID 2136 wrote to memory of 1784	2136	iexplorer-.exe	iexplorer-.exe
PID 2136 wrote to memory of 1784	2136	iexplorer-.exe	iexplorer-.exe
PID 2136 wrote to memory of 1784	2136	iexplorer-.exe	iexplorer-.exe
PID 1784 wrote to memory of 2616	1784	iexplorer-.exe	iexplorer-.exe
PID 1784 wrote to memory of 2616	1784	iexplorer-.exe	iexplorer-.exe
PID 1784 wrote to memory of 2616	1784	iexplorer-.exe	iexplorer-.exe
PID 1784 wrote to memory of 2616	1784	iexplorer-.exe	iexplorer-.exe
PID 2616 wrote to memory of 2748	2616	iexplorer-.exe	iexplorer-.exe
PID 2616 wrote to memory of 2748	2616	iexplorer-.exe	iexplorer-.exe
PID 2616 wrote to memory of 2748	2616	iexplorer-.exe	iexplorer-.exe
PID 2616 wrote to memory of 2748	2616	iexplorer-.exe	iexplorer-.exe
PID 2748 wrote to memory of 2852	2748	iexplorer-.exe	iexplorer-.exe
PID 2748 wrote to memory of 2852	2748	iexplorer-.exe	iexplorer-.exe
PID 2748 wrote to memory of 2852	2748	iexplorer-.exe	iexplorer-.exe
PID 2748 wrote to memory of 2852	2748	iexplorer-.exe	iexplorer-.exe
PID 2852 wrote to memory of 1036	2852	iexplorer-.exe	iexplorer-.exe
PID 2852 wrote to memory of 1036	2852	iexplorer-.exe	iexplorer-.exe
PID 2852 wrote to memory of 1036	2852	iexplorer-.exe	iexplorer-.exe
PID 2852 wrote to memory of 1036	2852	iexplorer-.exe	iexplorer-.exe
PID 1036 wrote to memory of 924	1036	iexplorer-.exe	iexplorer-.exe
PID 1036 wrote to memory of 924	1036	iexplorer-.exe	iexplorer-.exe
PID 1036 wrote to memory of 924	1036	iexplorer-.exe	iexplorer-.exe
PID 1036 wrote to memory of 924	1036	iexplorer-.exe	iexplorer-.exe
PID 924 wrote to memory of 2320	924	iexplorer-.exe	iexplorer-.exe
PID 924 wrote to memory of 2320	924	iexplorer-.exe	iexplorer-.exe
PID 924 wrote to memory of 2320	924	iexplorer-.exe	iexplorer-.exe
PID 924 wrote to memory of 2320	924	iexplorer-.exe	iexplorer-.exe
PID 2320 wrote to memory of 2096	2320	iexplorer-.exe	iexplorer-.exe
PID 2320 wrote to memory of 2096	2320	iexplorer-.exe	iexplorer-.exe
PID 2320 wrote to memory of 2096	2320	iexplorer-.exe	iexplorer-.exe
PID 2320 wrote to memory of 2096	2320	iexplorer-.exe	iexplorer-.exe

C:\Users\Admin\AppData\Local\Temp\366537b87b21452cfbb8b18d317bb423_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\366537b87b21452cfbb8b18d317bb423_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1292

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1664

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2820

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2836

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2604

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2628

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
7⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2312

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
8⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1616

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
9⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2136

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
10⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1784

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
11⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2616

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
12⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2748

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
13⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2852

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
14⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1036

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
15⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:924

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
16⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2320

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
17⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
PID:2096

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
18⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
PID:2092

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
19⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
PID:2196

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
20⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
PID:2464

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
21⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
PID:2392

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
22⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
PID:1480

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
23⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
PID:2024

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
24⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
PID:1728

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
25⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
PID:596

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
26⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
PID:2240

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
27⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
PID:996

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
28⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
PID:2364

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
29⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
PID:1552

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
30⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
PID:2156

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
31⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
PID:1572

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
32⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
PID:2192

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
33⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
PID:2596

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
34⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
PID:1988

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
35⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
PID:1812

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
36⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:324

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
37⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
PID:2180

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
38⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
PID:340

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
39⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
PID:2296

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
40⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
PID:3092

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
41⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:3128

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
42⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
PID:3168

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
43⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:3216

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
44⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
PID:3256

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
45⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
PID:3300

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
46⤵
- Executes dropped EXE
- Adds Run key to start application
PID:3336

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
47⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:3380

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
48⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
PID:3420

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
49⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:3464

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
50⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
PID:3508

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
51⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:3548

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
52⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
PID:3588

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
53⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
PID:3624

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
54⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:3664

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
55⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
PID:3708

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
56⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
PID:3748

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
57⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
PID:3784

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
58⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
PID:3832

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
59⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
PID:3872

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
60⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:3908

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
61⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:3944

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
62⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:3988

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
63⤵
PID:4024

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
64⤵
PID:4060

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
65⤵
PID:1600

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
66⤵
PID:4104

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
67⤵
PID:4144

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
68⤵
PID:4180

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
69⤵
PID:4220

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
70⤵
PID:4256

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
71⤵
PID:4296

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
72⤵
PID:4332

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
73⤵
PID:4368

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
74⤵
PID:4408

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
75⤵
PID:4464

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
76⤵
PID:4500

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
77⤵
PID:4536

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
78⤵
PID:4576

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
79⤵
PID:4620

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
80⤵
PID:4660

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
81⤵
PID:4700

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
82⤵
PID:4740

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
83⤵
PID:4780

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
84⤵
PID:4820

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
85⤵
PID:4864

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
86⤵
PID:4904

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
87⤵
PID:4940

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
88⤵
PID:4980

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
89⤵
PID:5020

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
90⤵
PID:5064

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
91⤵
PID:5100

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
92⤵
PID:660

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
93⤵
PID:5132

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
94⤵
PID:5172

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
95⤵
PID:5216

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
96⤵
PID:5256

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
97⤵
PID:5292

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
98⤵
PID:5332

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
99⤵
PID:5372

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
100⤵
PID:5412

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
101⤵
PID:5456

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
102⤵
PID:5500

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
103⤵
PID:5540

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
104⤵
PID:5580

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
105⤵
PID:5616

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
106⤵
PID:5652

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
107⤵
PID:5688

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
108⤵
PID:5728

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
109⤵
PID:5768

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
110⤵
PID:5804

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
111⤵
PID:5840

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
112⤵
PID:5884

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
113⤵
PID:5924

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
114⤵
PID:5964

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
115⤵
PID:6004

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
116⤵
PID:6044

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
117⤵
PID:6084

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
118⤵
PID:6120

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
119⤵
PID:5700

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
120⤵
PID:6180

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
121⤵
PID:6216

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
122⤵
PID:6252

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
123⤵
PID:6288

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
124⤵
PID:6332

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
125⤵
PID:6368

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
126⤵
PID:6408

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
127⤵
PID:6456

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
128⤵
PID:6496

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
129⤵
PID:6532

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
130⤵
PID:6572

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
131⤵
PID:6608

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
132⤵
PID:6648

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
133⤵
PID:6688

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
134⤵
PID:6724

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
135⤵
PID:6760

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
136⤵
PID:6800

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
137⤵
PID:6840

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
138⤵
PID:6876

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
139⤵
PID:6912

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
140⤵
PID:6948

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
141⤵
PID:6984

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
142⤵
PID:7024

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
143⤵
PID:7060

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
144⤵
PID:7100

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
145⤵
PID:7136

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
146⤵
PID:6452

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
147⤵
PID:7192

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
148⤵
PID:7228

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
149⤵
PID:7264

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
150⤵
PID:7300

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
151⤵
PID:7344

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
152⤵
PID:7380

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
153⤵
PID:7420

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
154⤵
PID:7456

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
155⤵
PID:7496

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
156⤵
PID:7536

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
157⤵
PID:7576

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
158⤵
PID:7612

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
159⤵
PID:7648

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
160⤵
PID:7684

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
161⤵
PID:7724

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
162⤵
PID:7760

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
163⤵
PID:7800

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
164⤵
PID:7840

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
165⤵
PID:7884

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
166⤵
PID:7924

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
167⤵
PID:7964

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
168⤵
PID:8000

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
169⤵
PID:8040

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
170⤵
PID:8080

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
171⤵
PID:8120

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
172⤵
PID:8160

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
173⤵
PID:7532

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
174⤵
PID:8216

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
175⤵
PID:8252

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
176⤵
PID:8292

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
177⤵
PID:8328

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
178⤵
PID:8368

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
179⤵
PID:8404

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
180⤵
PID:8444

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
181⤵
PID:8488

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
182⤵
PID:8532

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
183⤵
PID:8576

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
184⤵
PID:8616

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
185⤵
PID:8652

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
186⤵
PID:8692

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
187⤵
PID:8736

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
188⤵
PID:8772

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
189⤵
PID:8808

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
190⤵
PID:8848

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
191⤵
PID:8888

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
192⤵
PID:8928

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
193⤵
PID:8972

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
194⤵
PID:9016

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
195⤵
PID:9060

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
196⤵
PID:9100

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
197⤵
PID:9140

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
198⤵
PID:9180

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
199⤵
PID:8288

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
200⤵
PID:1468

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
201⤵
PID:9236

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
202⤵
PID:9280

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
203⤵
PID:9328

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
204⤵
PID:9368

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
205⤵
PID:9412

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
206⤵
PID:9460

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
207⤵
PID:9500

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
208⤵
PID:9540

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
209⤵
PID:9580

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
210⤵
PID:9628

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
211⤵
PID:9672

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
212⤵
PID:9712

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
213⤵
PID:9756

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
214⤵
PID:9800

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
215⤵
PID:9844

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
216⤵
PID:9888

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
217⤵
PID:9936

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
218⤵
PID:9984

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
219⤵
PID:10028

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
220⤵
PID:10076

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
221⤵
PID:10120

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
222⤵
PID:10164

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
223⤵
PID:10212

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
224⤵
PID:932

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
225⤵
PID:9792

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
226⤵
PID:2688

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
227⤵
PID:2368

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
228⤵
PID:10244

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
229⤵
PID:10284

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
230⤵
PID:10332

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
231⤵
PID:10376

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
232⤵
PID:10420

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
233⤵
PID:10460

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
234⤵
PID:10508

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
235⤵
PID:10552

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
236⤵
PID:10596

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
237⤵
PID:10640

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
238⤵
PID:10692

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
239⤵
PID:10736

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
240⤵
PID:10776

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
241⤵
PID:10824

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
242⤵
PID:10868

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
243⤵
PID:10912

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
244⤵
PID:10960

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
245⤵
PID:11004

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
246⤵
PID:11048

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
247⤵
PID:11088

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
248⤵
PID:11136

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
249⤵
PID:11172

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
250⤵
PID:11220

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
251⤵
PID:11260

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
252⤵
PID:2344

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
253⤵
PID:1724

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
254⤵
PID:3052

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
255⤵
PID:1364

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
256⤵
PID:11216

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
257⤵
PID:11268

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
258⤵
PID:11312

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
259⤵
PID:11356

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
260⤵
PID:11396

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
261⤵
PID:11440

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
262⤵
PID:11480

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
263⤵
PID:11520

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
264⤵
PID:11564

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
265⤵
PID:11608

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
266⤵
PID:11652

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
267⤵
PID:11700

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
268⤵
PID:11744

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
269⤵
PID:11788

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
270⤵
PID:11832

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
271⤵
PID:11876

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
272⤵
PID:11916

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
273⤵
PID:11956

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
274⤵
PID:12004

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
275⤵
PID:12048

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
276⤵
PID:12092

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
277⤵
PID:12140

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
278⤵
PID:12184

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
279⤵
PID:12228

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
280⤵
PID:12280

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
281⤵
PID:3524

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
282⤵
PID:3736

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
283⤵
PID:3964

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
284⤵
PID:4160

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
285⤵
PID:4388

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
286⤵
PID:12304

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
287⤵
PID:12344

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
288⤵
PID:12392

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
289⤵
PID:12436

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
290⤵
PID:12488

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
291⤵
PID:12532

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
292⤵
PID:12580

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
293⤵
PID:12620

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
294⤵
PID:12668

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
295⤵
PID:12708

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
296⤵
PID:12752

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
297⤵
PID:12792

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
298⤵
PID:12840

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
299⤵
PID:12892

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
300⤵
PID:12936

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
301⤵
PID:12976

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
302⤵
PID:13024

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
303⤵
PID:13064

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
304⤵
PID:13112

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
305⤵
PID:13160

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
306⤵
PID:13200

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
307⤵
PID:13244

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
308⤵
PID:13292

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
309⤵
PID:4720

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
310⤵
PID:4960

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
311⤵
PID:5188

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
312⤵
PID:5432

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
313⤵
PID:5596

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
314⤵
PID:5912

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
315⤵
PID:6136

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
316⤵
PID:13356

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
317⤵
PID:13400

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
318⤵
PID:13452

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
319⤵
PID:13500

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
320⤵
PID:13548

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
321⤵
PID:13588

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
322⤵
PID:13636

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
323⤵
PID:13676

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
324⤵
PID:13724

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
325⤵
PID:13772

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
326⤵
PID:13820

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
327⤵
PID:13864

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
328⤵
PID:13912

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
329⤵
PID:13956

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
330⤵
PID:13996

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
331⤵
PID:14036

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
332⤵
PID:14084

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
333⤵
PID:14128

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
334⤵
PID:14180

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
335⤵
PID:14224

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
336⤵
PID:14272

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
337⤵
PID:14316

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
338⤵
PID:6352

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
339⤵
PID:6592

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
340⤵
PID:6892

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
341⤵
PID:7208

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
342⤵
PID:7512

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
343⤵
PID:7816

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
344⤵
PID:8020

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
345⤵
PID:14352

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
346⤵
PID:14400

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
347⤵
PID:14440

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
348⤵
PID:14480

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
349⤵
PID:14528

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
350⤵
PID:14576

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
351⤵
PID:14628

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
352⤵
PID:14684

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
353⤵
PID:14728

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
354⤵
PID:14780

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
355⤵
PID:14832

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
356⤵
PID:14876

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
357⤵
PID:14920

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
358⤵
PID:14968

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
359⤵
PID:15016

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
360⤵
PID:15056

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
361⤵
PID:15108

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
362⤵
PID:15156

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
363⤵
PID:15208

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
364⤵
PID:15252

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
365⤵
PID:15292

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
366⤵
PID:15336

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
367⤵
PID:8272

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
368⤵
PID:8504

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
369⤵
PID:8680

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
370⤵
PID:2108

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
371⤵
PID:9120

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
372⤵
PID:8884

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
373⤵
PID:1300

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
374⤵
PID:1380

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
375⤵
PID:2000

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
376⤵
PID:2188

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
377⤵
PID:1100

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
378⤵
PID:3024

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
379⤵
PID:2040

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
380⤵
PID:10232

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
381⤵
PID:3000

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
382⤵
PID:15384

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
383⤵
PID:15432

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
384⤵
PID:15480

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
385⤵
PID:15528

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
386⤵
PID:15580

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
387⤵
PID:15628

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
388⤵
PID:15684

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
389⤵
PID:15748

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
390⤵
PID:15804

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
391⤵
PID:15856

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
392⤵
PID:15904

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
393⤵
PID:15956

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
394⤵
PID:16012

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
395⤵
PID:16056

C:\Windows\SysWOW64\iexplorer-.exe
"C:\Windows\system32\iexplorer-.exe"
396⤵
PID:16108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Winlogon Helper DLL

1

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

2

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Winlogon Helper DLL

1

T1547.004

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\iexplorer-.exe

Filesize
39KB

MD5
f1383a03e51aff22ac466f3a9c67027f

SHA1
979825ea8423a8b82cfcb6078f58d0d9aef31d18

SHA256
7a4c272ffbb2e0482edbda182b766ac3253e2ce2368643046b08a9df629a31ec

SHA512
94efedb463131c7e077536fde3f51ca6471d53bc26e775dbcec37f03d5123ae39d190432ba349ca1e96e6d1b64a71f89c27ee6f04b0173ae43ea9d83eac92faf

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads