Analysis
max time kernel: 120s
max time network: 19s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 11-07-2024 23:26
Static task: static1
Behavioral task: behavioral1
Sample: 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe
Size: 794KB
MD5: 3b2232cc1960a93b4cbadee688109775
SHA1: 31eac77481abb3540f781558fed87a2606b747e2
SHA256: ec929a60b3ca21dea3840cc8b503b862b0c8fe0e85ab3e92098223764df89bf1
SHA512: 907ff8afd0ad6a95352fff57faae3f7671f29a44f9a0dadf7456e416e9ca8151327f993b84476df0a47b82d3a02d81904c5f101072c5a7b5350bcededef7e0cd
SSDEEP: 12288:reOvpyCRfHsdeU8p0U3Ecr+Oz/l2/nZDcZaj44vqd:aiy8Hsd+p0CTdzd2/nZDTDG
Malware Config
Extracted
xtremerat
ala.no-ip.biz
Signatures
-
Detect XtremeRAT payload 31 IoCs
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 64 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Processes: 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe, svchost.exe
description | ioc | process
Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} | 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe restart" | 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe
Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} | svchost.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe restart" | svchost.exe
-
Executes dropped EXE 60 IoCs
-
Loads dropped DLL 64 IoCs
-
Molebox Virtualization software 1 IoCs
Detects file using Molebox Virtualization software.
Processes:
resource yara_rule
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe molebox
-
Adds Run key to start application 2 TTPs 64 IoCs
Processes:
description ioc process
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe" 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe" 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe" svchost.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe" svchost.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
description pid process target process
PID 2256 wrote to memory of 2380 2256 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe svchost.exe
PID 2256 wrote to memory of 2220 2256 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe iexplore.exe
PID 2256 wrote to memory of 2300 2256 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe iexplore.exe
PID 2256 wrote to memory of 1312 2256 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe iexplore.exe
PID 2256 wrote to memory of 2296 2256 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe iexplore.exe
PID 2256 wrote to memory of 2304 2256 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe iexplore.exe
PID 2256 wrote to memory of 2776 2256 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe iexplore.exe
PID 2256 wrote to memory of 2780 2256 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe iexplore.exe
PID 2256 wrote to memory of 2860 2256 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe iexplore.exe
PID 2256 wrote to memory of 2996 2256 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe
PID 2996 wrote to memory of 2904 2996 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe iexplore.exe
PID 2996 wrote to memory of 2060 2996 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe iexplore.exe
PID 2996 wrote to memory of 2824 2996 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe iexplore.exe
PID 2996 wrote to memory of 2748 2996 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe iexplore.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe" 1⤵
- Boot or Logon Autostart Execution: Active Setup
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2256
-
C:\Windows\SysWOW64\svchost.exe svchost.exe 2⤵
- Boot or Logon Autostart Execution: Active Setup
- Loads dropped DLL
- Adds Run key to start application
PID:2380
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe" 3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:2796
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:2664
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe" 3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:2344
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:1972
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:1016
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:1152
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:1108
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:880
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:2700
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:2936
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:1084
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe" 4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:956
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 5⤵ PID:3004
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 5⤵ PID:2192
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 5⤵ PID:852
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 5⤵ PID:536
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 5⤵ PID:2100
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 5⤵ PID:884
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 5⤵ PID:2540
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe" 3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:1608
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:1716
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe" 3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:2144
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:2272
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:2208
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:1464
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:1600
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:836
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:1004
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:1604
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:2976
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe" 4⤵
- Executes dropped EXE
PID:1012
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe" 3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
PID:1192
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:760
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:2436
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2168
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:868
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2224
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2396
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2560
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2564
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"4⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2984 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1400
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1052
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2684
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1720
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1300
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2812
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2728
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:2784 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2980
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2856
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2708
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2800
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1104
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2696
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1492
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2284
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
PID:2116 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2080
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:668
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1728
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:684
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2432
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:432
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1216
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2376
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:3044 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2736
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:984
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2336
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2896
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2876
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2340
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1708
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2832
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"6⤵
- Executes dropped EXE
PID:1204 -
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
PID:2344 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1608
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:940
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1820
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2320
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2028
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2440
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3000
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1088
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:1012 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1500
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2556
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2892
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2640
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2628
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2884
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2124
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1196
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:2784 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2156
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2408
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2444
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2176
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2908
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:812
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1652
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1752
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"6⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:3048 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:1764
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:1800
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2316
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:752
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2756
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:3036
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:1648
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2196
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"7⤵
- Executes dropped EXE
- Adds Run key to start application
PID:996 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2420
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1548
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1636
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2136
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3060
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2096
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:2608 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2144
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:1648 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2944
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2260
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1508
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2172
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2160
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2344
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1656
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2112
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"4⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2464 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2704
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2740
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"3⤵
- Executes dropped EXE
PID:2116 -
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"3⤵
- Executes dropped EXE
- Adds Run key to start application
PID:860 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1572
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2672
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1060
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2068
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1976
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1592
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:1884 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3048
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2652
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2424
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1460
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2972
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2064
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1624
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2324
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:2464 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2784
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1884
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2248
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3080
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3096
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3116
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3132
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3156
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:3252 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3320
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3344
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3372
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3396
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3424
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3448
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3476
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3516
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:3628 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:3696
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:3720
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:3748
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:3772
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:3804
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:3828
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:3856
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:3912
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"7⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:4056 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4092
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3168
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3200
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3248
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3208
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1284
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3280
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3504
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"8⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:3236 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3660
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3844
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3560
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3952
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3936
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3992
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:4024
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:4000
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"9⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:3968 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3308
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4016
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3680
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3628
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3360
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3616
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3544
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4072
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"10⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:3140 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:3540
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:3204
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:1468
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:3656
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:3496
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:3536
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:3492
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:4116
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"11⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
PID:4168 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4236
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4284
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4308
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4336
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4360
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4396
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4420
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4448
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"12⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
PID:4496 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:4616
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:4684
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:4712
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:4736
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:4764
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:4788
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:4816
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:4840
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"13⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:4900 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:4992
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:5096
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:3788
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:4160
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:4140
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:4200
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:4232
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:4384
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"14⤵PID:4472
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵PID:4544
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:2932 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2400
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3044
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2184
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:860
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3088
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3108
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3124
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3148
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:3184 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3228
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3328
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3352
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3380
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3404
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3432
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3456
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3484
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:3524 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3572
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3704
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3728
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3756
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3780
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3812
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3836
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3864
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"6⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:3896 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:3960
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:3236 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3288
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3336
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3364
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3388
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3416
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3440
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3468
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3508
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
PID:3584 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3648
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3712
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3740
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3764
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3796
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3820
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3848
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3888
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"5⤵
- Executes dropped EXE
PID:3976 -
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
PID:3968 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4036
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3176
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1012
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3220
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2992
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2956
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3268
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3312
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:3244 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3568
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3688
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3592
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3876
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3996
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3920
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3980
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4048
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:4008 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2480
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:3544 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3300
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3736
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3604
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3524
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3932
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3588
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3976
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3676
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:4020 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3276
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2232
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3184
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3596
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3900
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3256
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4088
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3464
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:3236 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3624
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3104
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4020
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4056
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3192
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3644
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3032
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4100
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"6⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:4144 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4188
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4276
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4300
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4328
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4352
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4388
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4412
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4440
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"7⤵
- Executes dropped EXE
PID:4504 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4572
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4676
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4700
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4728
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4752
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4780
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4804
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4832
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"8⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:4908 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:4972
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:5088
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:5116
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3632
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:4196
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:4136
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:4220
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:4272
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"9⤵PID:4476
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"3⤵
- Executes dropped EXE
PID:3240 -
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
PID:4212 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4260
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4292
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4316
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4344
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4368
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4404
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4428
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4456
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
PID:4592 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4664
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4692
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4720
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4744
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4772
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4796
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4824
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4880
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"5⤵PID:5008
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5060
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5104
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4068
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4112
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2532
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3140
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4256
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4464
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"6⤵PID:4608
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4648
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4760
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4872
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4924
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4600
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4932
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4864
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4848
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"7⤵PID:4952
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5024
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5044
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4940
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4488
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4244
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4144
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4176
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4604
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"8⤵PID:4552
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:4936
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:4948
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:4208
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:4504
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:4212
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:5008
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:4472
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:5140
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"9⤵PID:5260
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5304
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5324
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5344
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5360
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5380
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5396
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5416
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5448
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"10⤵PID:5552
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:5588
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:5604
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:5620
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:5628
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:5640
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:5648
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:5660
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:5668
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"3⤵
- Executes dropped EXE
PID:4552 -
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"3⤵PID:5000
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"3⤵PID:4560
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5016
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5052
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5000
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3236
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5036
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4904
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4492
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4480
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"4⤵PID:4172
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4564
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4928
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4988
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4532
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4168
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4640
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4436
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4920
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"5⤵PID:5124
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5180
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"3⤵PID:4628
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4868
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4612
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4508
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4476
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4560
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5056
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4652
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2244
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"4⤵PID:5200
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5252
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5316
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5332
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5352
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5368
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5388
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5404
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5424
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"5⤵PID:5456
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5524
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"3⤵PID:5464
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:2220
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:2300
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:1312
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:2296
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:2304
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:2776
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:2780
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:2860
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2996 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2904
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2060
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2824
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2748
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2792
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2732
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2916
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2768
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:2696 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1440
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1428
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2616
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:648
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2236
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1952
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1488
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:832
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:1764 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:916
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2548
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1100
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2960
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2924
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1620
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1044
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1984
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:3000 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1584
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2460
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1452
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1552
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2536
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:532
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2312
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2552
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"6⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:1520 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2044
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:1020
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:1816
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:1612
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:948
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:1968
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2600
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:1676
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:3036 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2240
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1568
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2568
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2968
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2364
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2996
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2752
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3064
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"8⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:2484 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:1956
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:2964
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:2140
Network
MITRE ATT&CK Enterprise v15
Downloads