Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
arch:x64 arch:x86 image:win7-20240705-en locale:en-us os:windows7-x64 system -
submitted
11-07-2024 13:23
Static task
static1
Behavioral task
behavioral1
Sample
394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe
Resource
win10v2004-20240704-en
General
-
Target
394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe
-
Size
108KB
-
MD5
394c814fd0a051c1b314f71c54d429d7
-
SHA1
acfee59919253cc2cb6d34509ca48b69637847c5
-
SHA256
2916d8917eb29957c0fe9e728c6eb772d0d71ca943b3b17ca7893bfcbf13aed1
-
SHA512
9805c8b879ca86ab8225e1d10b24442ef75feda8c1044eb87c7a736530d6a8d51b7ee3f9af7869c6868d85a613720628ef9cc4b4dd6354f5891aa6113a7475f8
-
SSDEEP
768:w23oHdWbjfT602a0ro6oSENk3s5naQ2xWuxR/aMxL2V5A7/jIxgoDW+v+U:wgEENd5aQyW0aNVuTjIxqU
Malware Config
Signatures
-
Detect XtremeRAT payload 7 IoCs
Processes:
resource | yara_rule
behavioral1/memory/2504-6-0x0000000000C80000-0x0000000000C96000-memory.dmp | family_xtremerat
behavioral1/memory/2504-5-0x0000000000C80000-0x0000000000C96000-memory.dmp | family_xtremerat
behavioral1/memory/2504-17-0x0000000000C80000-0x0000000000C96000-memory.dmp | family_xtremerat
behavioral1/memory/2720-28-0x0000000000C80000-0x0000000000C96000-memory.dmp | family_xtremerat
behavioral1/memory/2720-30-0x0000000000C80000-0x0000000000C96000-memory.dmp | family_xtremerat
behavioral1/memory/1684-39-0x0000000000C80000-0x0000000000C96000-memory.dmp | family_xtremerat
behavioral1/memory/1684-42-0x0000000000C80000-0x0000000000C96000-memory.dmp | family_xtremerat
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 3 IoCs
Processes:
pid | process
2504 | 394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe
2504 | 394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe
2240 | Server.exe
-
Processes:
resource | yara_rule
behavioral1/memory/2504-2-0x0000000000C80000-0x0000000000C96000-memory.dmp | upx
behavioral1/memory/2504-6-0x0000000000C80000-0x0000000000C96000-memory.dmp | upx
behavioral1/memory/2504-5-0x0000000000C80000-0x0000000000C96000-memory.dmp | upx
behavioral1/memory/2504-4-0x0000000000C80000-0x0000000000C96000-memory.dmp | upx
behavioral1/memory/2504-17-0x0000000000C80000-0x0000000000C96000-memory.dmp | upx
behavioral1/memory/2720-28-0x0000000000C80000-0x0000000000C96000-memory.dmp | upx
behavioral1/memory/2720-30-0x0000000000C80000-0x0000000000C96000-memory.dmp | upx
behavioral1/memory/1684-39-0x0000000000C80000-0x0000000000C96000-memory.dmp | upx
behavioral1/memory/1684-42-0x0000000000C80000-0x0000000000C96000-memory.dmp | upx
-
Suspicious use of SetThreadContext 33 IoCs
-
Drops file in Program Files directory 2 IoCs
Processes:
description | ioc | process
File opened for modification | C:\Program Files (x86)\InstallDir\Server.exe | 394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe
File created | C:\Program Files (x86)\InstallDir\Server.exe | 394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of SetWindowsHookEx 33 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:484 -
C:\Users\Admin\AppData\Local\Temp\394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe2⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2504 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:1988
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2340
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2476
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2472
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2080
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2652
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2792
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2760
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2240 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2720 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2724
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2704
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2780
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2976
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2812
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1984
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2936
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2600
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:732 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"6⤵
- Executes dropped EXE
PID:1684 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2604
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2644
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:644
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2172
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2624
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2212
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2536
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:832
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"7⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1476 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"8⤵
- Executes dropped EXE
PID:2036 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:1732
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:1216
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:1232
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:1900
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:1648
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:1540
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:2372
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:1788
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"9⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2632 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"10⤵
- Executes dropped EXE
PID:1596 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:1952
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:1016
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:112
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:1632
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:2028
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:744
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:1752
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:2660
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"11⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2920 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"12⤵
- Executes dropped EXE
PID:2888 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:3048
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:3036
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:2124
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:2120
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:2956
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:3052
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:2668
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:1100
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"13⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1836 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"14⤵
- Executes dropped EXE
PID:2552 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵PID:2380
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵PID:2892
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵PID:324
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵PID:712
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵PID:1700
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵PID:812
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵PID:1372
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵PID:2548
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"15⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1896 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"16⤵
- Executes dropped EXE
PID:892 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"17⤵PID:1740
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"17⤵PID:1972
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"17⤵PID:848
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"17⤵PID:2952
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"17⤵PID:1504
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"17⤵PID:528
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"17⤵PID:1824
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"17⤵PID:560
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"17⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1760 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"18⤵
- Executes dropped EXE
PID:1272 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵PID:976
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵PID:1892
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵PID:2148
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵PID:1148
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵PID:1656
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵PID:800
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵PID:1256
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵PID:348
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"19⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2988 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"20⤵
- Executes dropped EXE
PID:2016 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"21⤵PID:1500
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"21⤵PID:2328
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"21⤵PID:3028
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"21⤵PID:2252
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"21⤵PID:536
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"21⤵PID:1996
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"21⤵PID:484
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"21⤵PID:1576
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"21⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1704 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"22⤵
- Executes dropped EXE
PID:1600 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"23⤵PID:2964
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"23⤵PID:3044
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"23⤵PID:2428
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"23⤵PID:2296
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"23⤵PID:2796
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"23⤵PID:2280
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"23⤵PID:2408
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"23⤵PID:2680
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"23⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2676 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"24⤵
- Executes dropped EXE
PID:2868 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵PID:1496
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵PID:2764
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵PID:2712
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵PID:2736
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵PID:2740
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵PID:2876
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵PID:2572
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵PID:2568
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"25⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2648 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"26⤵
- Executes dropped EXE
PID:2636 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"27⤵PID:1476
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"27⤵PID:2376
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"27⤵PID:572
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"27⤵PID:1776
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"27⤵PID:1624
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"27⤵PID:1320
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"27⤵PID:2036
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"27⤵PID:1388
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"27⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:108 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"28⤵
- Executes dropped EXE
PID:1816 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"29⤵PID:2900
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"29⤵PID:2836
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"29⤵PID:2848
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"29⤵PID:2452
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"29⤵PID:2128
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"29⤵PID:2192
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"29⤵PID:2888
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"29⤵PID:1044
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"29⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1636 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"30⤵
- Executes dropped EXE
PID:1124 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵PID:1764
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵PID:2516
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵PID:1896
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵PID:2140
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵PID:1728
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵PID:2896
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵PID:2032
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵PID:2520
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"31⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1332 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"32⤵
- Executes dropped EXE
PID:2224 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"33⤵PID:2300
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"33⤵PID:1484
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"33⤵PID:1272
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"33⤵PID:2164
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"33⤵PID:2236
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"33⤵PID:988
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"33⤵PID:1652
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"33⤵PID:884
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"33⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1612 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"34⤵
- Executes dropped EXE
PID:2000 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"35⤵PID:2168
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"35⤵PID:2132
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"35⤵PID:2412
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"35⤵PID:2240
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"35⤵PID:2664
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"35⤵PID:2772
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"35⤵PID:2784
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"35⤵PID:1872
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"35⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:732 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"36⤵
- Executes dropped EXE
PID:2868 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"37⤵PID:1980
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"37⤵PID:2684
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"37⤵PID:1304
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"37⤵PID:2116
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"37⤵PID:748
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"37⤵PID:1780
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"37⤵PID:752
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"37⤵PID:940
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"37⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:924 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"38⤵
- Executes dropped EXE
PID:844 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"39⤵PID:684
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"39⤵PID:2924
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"39⤵PID:2108
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"39⤵PID:1844
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"39⤵PID:2752
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"39⤵PID:1524
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"39⤵PID:1636
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"39⤵PID:1736
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"39⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1528 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"40⤵
- Executes dropped EXE
PID:1644 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"41⤵PID:1660
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"41⤵PID:1948
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"41⤵PID:1568
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"41⤵PID:2316
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"41⤵PID:2208
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"41⤵PID:336
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"41⤵PID:1992
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"41⤵PID:1956
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"41⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:912 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"42⤵
- Executes dropped EXE
PID:2224 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"43⤵PID:1120
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"43⤵PID:2320
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"43⤵PID:2504
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"43⤵PID:2800
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"43⤵PID:2864
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"43⤵PID:2592
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"43⤵PID:732
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"43⤵PID:2648
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"43⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2620 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"44⤵
- Executes dropped EXE
PID:2336 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"45⤵PID:2636
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"45⤵PID:108
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"45⤵PID:2844
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"45⤵PID:1076
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"45⤵PID:1436
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"45⤵PID:844
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"45⤵PID:2444
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"45⤵PID:944
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"45⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2364 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"46⤵
- Executes dropped EXE
PID:1336 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"47⤵PID:1864
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"47⤵PID:1252
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"47⤵PID:912
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"47⤵PID:2056
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"47⤵PID:2352
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"47⤵PID:2828
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"47⤵PID:2000
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"47⤵PID:1612
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"47⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2224 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"48⤵
- Executes dropped EXE
PID:2076 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"49⤵PID:2852
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"49⤵PID:2244
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"49⤵PID:1508
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"49⤵PID:2144
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"49⤵PID:1688
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"49⤵PID:2364
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"49⤵PID:2416
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"49⤵PID:1884
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"49⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1644 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"50⤵
- Executes dropped EXE
PID:1684 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"51⤵PID:2336
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"51⤵PID:1964
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"51⤵PID:2084
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"51⤵PID:2076
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"51⤵PID:2816
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"51⤵PID:1644
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"51⤵PID:1708
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"51⤵PID:3016
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"51⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1968 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"52⤵
- Executes dropped EXE
PID:2560 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"53⤵PID:924
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"53⤵PID:1968
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"53⤵PID:3080
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"53⤵PID:3092
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"53⤵PID:3100
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"53⤵PID:3112
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"53⤵PID:3120
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"53⤵PID:3132
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"53⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3144 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"54⤵
- Executes dropped EXE
PID:3160 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"55⤵PID:3192
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"55⤵PID:3204
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"55⤵PID:3216
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"55⤵PID:3224
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"55⤵PID:3236
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"55⤵PID:3244
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"55⤵PID:3256
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"55⤵PID:3264
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"55⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3280 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"56⤵
- Executes dropped EXE
PID:3296 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"57⤵PID:3328
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"57⤵PID:3340
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"57⤵PID:3356
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"57⤵PID:3364
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"57⤵PID:3376
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"57⤵PID:3384
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"57⤵PID:3396
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"57⤵PID:3404
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"57⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3416 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"58⤵
- Executes dropped EXE
PID:3432 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"59⤵PID:3468
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"59⤵PID:3480
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"59⤵PID:3488
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"59⤵PID:3500
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"59⤵PID:3508
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"59⤵PID:3520
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"59⤵PID:3528
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"59⤵PID:3540
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"59⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3552 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"60⤵
- Executes dropped EXE
PID:3568 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"61⤵PID:3600
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"61⤵PID:3616
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"61⤵PID:3628
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"61⤵PID:3640
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"61⤵PID:3648
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"61⤵PID:3660
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"61⤵PID:3668
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"61⤵PID:3680
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"61⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3692 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"62⤵
- Executes dropped EXE
PID:3708 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"63⤵PID:3740
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"63⤵PID:3752
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"63⤵PID:3764
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"63⤵PID:3772
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"63⤵PID:3784
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"63⤵PID:3792
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"63⤵PID:3804
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"63⤵PID:3812
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"63⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3828 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"64⤵
- Executes dropped EXE
PID:3844 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"65⤵PID:3880
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"65⤵PID:3892
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"65⤵PID:3904
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"65⤵PID:3912
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"65⤵PID:3924
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"65⤵PID:3932
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"65⤵PID:3944
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"65⤵PID:3952
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"65⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3964 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"66⤵
- Executes dropped EXE
PID:3980 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"67⤵PID:4012
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"67⤵PID:4028
Network
MITRE ATT&CK Enterprise v15
Downloads