Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
submitted
11-07-2024 13:23
Static task
static1
Behavioral task
behavioral1
Sample
394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe
Resource
win10v2004-20240704-en
General
-
Target
394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe
-
Size
108KB
-
MD5
394c814fd0a051c1b314f71c54d429d7
-
SHA1
acfee59919253cc2cb6d34509ca48b69637847c5
-
SHA256
2916d8917eb29957c0fe9e728c6eb772d0d71ca943b3b17ca7893bfcbf13aed1
-
SHA512
9805c8b879ca86ab8225e1d10b24442ef75feda8c1044eb87c7a736530d6a8d51b7ee3f9af7869c6868d85a613720628ef9cc4b4dd6354f5891aa6113a7475f8
-
SSDEEP
768:w23oHdWbjfT602a0ro6oSENk3s5naQ2xWuxR/aMxL2V5A7/jIxgoDW+v+U:wgEENd5aQyW0aNVuTjIxqU
Malware Config
Signatures
-
Detect XtremeRAT payload 11 IoCs
Processes (memory dumps matching yara rule family_xtremerat; every hit is the same 0x16000-byte region, 0x0000000000C80000-0x0000000000C96000, in each process; the matching PIDs 4180, 1948, 5096, 1932, 1748, 4384 and 1040 are all targets in the SetThreadContext list below, i.e. the hollowed children rather than the launchers):
resource                                                                     yara_rule
behavioral2/memory/4180-5-0x0000000000C80000-0x0000000000C96000-memory.dmp   family_xtremerat
behavioral2/memory/4180-6-0x0000000000C80000-0x0000000000C96000-memory.dmp   family_xtremerat
behavioral2/memory/4180-20-0x0000000000C80000-0x0000000000C96000-memory.dmp  family_xtremerat
behavioral2/memory/1948-27-0x0000000000C80000-0x0000000000C96000-memory.dmp  family_xtremerat
behavioral2/memory/1948-28-0x0000000000C80000-0x0000000000C96000-memory.dmp  family_xtremerat
behavioral2/memory/1948-33-0x0000000000C80000-0x0000000000C96000-memory.dmp  family_xtremerat
behavioral2/memory/5096-39-0x0000000000C80000-0x0000000000C96000-memory.dmp  family_xtremerat
behavioral2/memory/1932-49-0x0000000000C80000-0x0000000000C96000-memory.dmp  family_xtremerat
behavioral2/memory/1748-59-0x0000000000C80000-0x0000000000C96000-memory.dmp  family_xtremerat
behavioral2/memory/4384-89-0x0000000000C80000-0x0000000000C96000-memory.dmp  family_xtremerat
behavioral2/memory/1040-129-0x0000000000C80000-0x0000000000C96000-memory.dmp family_xtremerat
-
XtremeRAT
XtremeRAT is written in Delphi, was developed by xtremecoder, and has been available since at least 2010.
-
Checks computer location settings 2 TTPs 31 IoCs
Reads the country code configured in the registry (the Geo\Nation value under Control Panel\International in the user hive), likely as a geofence check. This is a value read, not a write, so a registry-modification sensor such as Sysmon event 13 will not record it.
Processes:
description        ioc                                                                                                   process (count)
Key value queried  \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation  394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe (1)
Key value queried  \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation  Server.exe (30)
-
Executes dropped EXE 62 IoCs
Processes (pid, process; every entry is C:\Program Files (x86)\InstallDir\Server.exe, in the order the sandbox recorded them):
3244, 1948, 3548, 5096, 1004, 1932, 2912, 1748, 3772, 3504, 3512, 2796, 4696, 4384, 2592, 116, 760, 1652, 2820, 2052, 1708, 1040, 3808, 3352, 2804, 1628, 3092, 2592, 3592, 1560, 672, 3188, 4512, 3656, 3200, 452, 4876, 4080, 2316, 232, 3684, 1476, 4736, 4332, 1628, 4068, 632, 4812, 3084, 4560, 4048, 4360, 1012, 2028, 1704, 5112, 4808, 2688, 3684, 3188, 5124, 5148
PIDs 1628, 2592, 3188 and 3684 each appear twice: Windows reused them after the earlier instance exited, so when correlating these events with the SetThreadContext and WriteProcessMemory lists, key on PID plus start time rather than PID alone.
-
UPX packed file (yara rule upx) 19 IoCs
Processes (memory dumps matching yara rule upx; the region is the same 0x0000000000C80000-0x0000000000C96000 range that matches family_xtremerat above):
resource                                                                     yara_rule
behavioral2/memory/4180-2-0x0000000000C80000-0x0000000000C96000-memory.dmp   upx
behavioral2/memory/4180-4-0x0000000000C80000-0x0000000000C96000-memory.dmp   upx
behavioral2/memory/4180-5-0x0000000000C80000-0x0000000000C96000-memory.dmp   upx
behavioral2/memory/4180-6-0x0000000000C80000-0x0000000000C96000-memory.dmp   upx
behavioral2/memory/4180-20-0x0000000000C80000-0x0000000000C96000-memory.dmp  upx
behavioral2/memory/1948-26-0x0000000000C80000-0x0000000000C96000-memory.dmp  upx
behavioral2/memory/1948-27-0x0000000000C80000-0x0000000000C96000-memory.dmp  upx
behavioral2/memory/1948-28-0x0000000000C80000-0x0000000000C96000-memory.dmp  upx
behavioral2/memory/1948-33-0x0000000000C80000-0x0000000000C96000-memory.dmp  upx
behavioral2/memory/5096-38-0x0000000000C80000-0x0000000000C96000-memory.dmp  upx
behavioral2/memory/5096-39-0x0000000000C80000-0x0000000000C96000-memory.dmp  upx
behavioral2/memory/1932-48-0x0000000000C80000-0x0000000000C96000-memory.dmp  upx
behavioral2/memory/1932-49-0x0000000000C80000-0x0000000000C96000-memory.dmp  upx
behavioral2/memory/1748-58-0x0000000000C80000-0x0000000000C96000-memory.dmp  upx
behavioral2/memory/1748-59-0x0000000000C80000-0x0000000000C96000-memory.dmp  upx
behavioral2/memory/4384-89-0x0000000000C80000-0x0000000000C96000-memory.dmp  upx
behavioral2/memory/4384-88-0x0000000000C80000-0x0000000000C96000-memory.dmp  upx
behavioral2/memory/1040-128-0x0000000000C80000-0x0000000000C96000-memory.dmp upx
behavioral2/memory/1040-129-0x0000000000C80000-0x0000000000C96000-memory.dmp upx
-
Suspicious use of SetThreadContext 32 IoCs
Processes (source pid -> target pid, source process -> target process; in every case the target runs the caller's own image, and taken together with the WriteProcessMemory events on the same parent/child pairs this is the process-hollowing / RunPE pattern):
4292 -> 4180  394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe -> 394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe
3244 -> 1948  Server.exe -> Server.exe
3548 -> 5096  Server.exe -> Server.exe
1004 -> 1932  Server.exe -> Server.exe
2912 -> 1748  Server.exe -> Server.exe
3772 -> 3504  Server.exe -> Server.exe
3512 -> 2796  Server.exe -> Server.exe
4696 -> 4384  Server.exe -> Server.exe
2592 -> 116   Server.exe -> Server.exe
760 -> 1652   Server.exe -> Server.exe
2820 -> 2052  Server.exe -> Server.exe
1708 -> 1040  Server.exe -> Server.exe
3808 -> 3352  Server.exe -> Server.exe
2804 -> 1628  Server.exe -> Server.exe
3092 -> 2592  Server.exe -> Server.exe
3592 -> 1560  Server.exe -> Server.exe
672 -> 3188   Server.exe -> Server.exe
4512 -> 3656  Server.exe -> Server.exe
3200 -> 452   Server.exe -> Server.exe
4876 -> 4080  Server.exe -> Server.exe
2316 -> 232   Server.exe -> Server.exe
3684 -> 1476  Server.exe -> Server.exe
4736 -> 4332  Server.exe -> Server.exe
1628 -> 4068  Server.exe -> Server.exe
632 -> 4812   Server.exe -> Server.exe
3084 -> 4560  Server.exe -> Server.exe
4048 -> 4360  Server.exe -> Server.exe
1012 -> 2028  Server.exe -> Server.exe
1704 -> 5112  Server.exe -> Server.exe
4808 -> 2688  Server.exe -> Server.exe
3684 -> 3188  Server.exe -> Server.exe
5124 -> 5148  Server.exe -> Server.exe
-
Drops file in Program Files directory 2 IoCs
Processes:
description                   ioc                                           process
File created                  C:\Program Files (x86)\InstallDir\Server.exe  394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe
File opened for modification  C:\Program Files (x86)\InstallDir\Server.exe  394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of SetWindowsHookEx 32 IoCs
Processes (pid, process; these are exactly the 32 source processes of the SetThreadContext entries above, i.e. the launcher side of each parent/child pair):
4292 394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe
Server.exe: 3244, 3548, 1004, 2912, 3772, 3512, 4696, 2592, 760, 2820, 1708, 3808, 2804, 3092, 3592, 672, 4512, 3200, 4876, 2316, 3684, 4736, 1628, 632, 3084, 4048, 1012, 1704, 4808, 3684, 5124
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes (source pid -> target pid, source process -> target process, number of write events recorded; the report lists only the first 64 events, which is why the list stops inside the PID 1948 chain):
4292 -> 4180  394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe -> 394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe  x8
4180 -> 4888  394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe -> msedge.exe  x3
4180 -> 4164  394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe -> msedge.exe  x3
4180 -> 5020  394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe -> msedge.exe  x3
4180 -> 4944  394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe -> msedge.exe  x3
4180 -> 1260  394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe -> msedge.exe  x3
4180 -> 4968  394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe -> msedge.exe  x3
4180 -> 1496  394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe -> msedge.exe  x3
4180 -> 3344  394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe -> msedge.exe  x2
4180 -> 3244  394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe -> Server.exe  x3
3244 -> 1948  Server.exe -> Server.exe  x8
1948 -> 1660  Server.exe -> msedge.exe  x3
1948 -> 3428  Server.exe -> msedge.exe  x3
1948 -> 2868  Server.exe -> msedge.exe  x3
1948 -> 4848  Server.exe -> msedge.exe  x3
1948 -> 2364  Server.exe -> msedge.exe  x3
1948 -> 692   Server.exe -> msedge.exe  x3
1948 -> 924   Server.exe -> msedge.exe  x3
1948 -> 2896  Server.exe -> msedge.exe  x1
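The three flattened IoC lists above (the family_xtremerat yara hits, the SetThreadContext pairs and the WriteProcessMemory pairs) are the raw material for a process-hollowing verdict, but the report leaves the join to the reader. The following Python is an added example and is not part of the report or of the sandbox's own tooling. It parses a constructed subset of this page's IoC lines, in the exact flattened form they appear above, decodes the dumped memory regions, and joins each SetThreadContext edge against the write events and the yara hits so that every hollowed child comes out as one finding; the record layouts are assumed from this page only, and the full lists are larger than the subset used here.

```python
import re
from collections import defaultdict

# Constructed input: a subset of the IoC lines from the report above, one record per line.
YARA_HITS = """
behavioral2/memory/4180-2-0x0000000000C80000-0x0000000000C96000-memory.dmp upx
behavioral2/memory/4180-5-0x0000000000C80000-0x0000000000C96000-memory.dmp family_xtremerat
behavioral2/memory/1948-27-0x0000000000C80000-0x0000000000C96000-memory.dmp family_xtremerat
behavioral2/memory/5096-39-0x0000000000C80000-0x0000000000C96000-memory.dmp family_xtremerat
""".strip().splitlines()

THREAD_CONTEXT = """
PID 4292 set thread context of 4180 4292 394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe 394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe
PID 3244 set thread context of 1948 3244 Server.exe Server.exe
PID 3548 set thread context of 5096 3548 Server.exe Server.exe
""".strip().splitlines()

MEMORY_WRITES = """
PID 4292 wrote to memory of 4180 4292 394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe 394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe
PID 4180 wrote to memory of 4888 4180 394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe msedge.exe
PID 4180 wrote to memory of 3244 4180 394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe Server.exe
PID 3244 wrote to memory of 1948 3244 Server.exe Server.exe
PID 3244 wrote to memory of 1948 3244 Server.exe Server.exe
PID 1948 wrote to memory of 1660 1948 Server.exe msedge.exe
""".strip().splitlines()

# Layout assumed from this page: "behavioral2/memory/<pid>-<dump#>-0x<start>-0x<end>-memory.dmp <rule>"
YARA_RE = re.compile(
    r"^behavioral\d+/memory/(?P<pid>\d+)-(?P<dump>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp\s+(?P<rule>\S+)$")
# Layout assumed from this page: "PID <src> <verb> <dst> <src> <src image> <dst image>"
EDGE_RE = re.compile(
    r"^PID (?P<src>\d+) (?P<verb>set thread context of|wrote to memory of) "
    r"(?P<dst>\d+) (?P=src) (?P<src_image>\S+) (?P<dst_image>\S+)$")


def parse_yara(lines):
    """One dict per yara hit, with the dumped region decoded to a base address and size."""
    hits = []
    for line in lines:
        m = YARA_RE.match(line.strip())
        if m:
            start, end = int(m["start"], 16), int(m["end"], 16)
            hits.append({"pid": int(m["pid"]), "dump": int(m["dump"]),
                         "rule": m["rule"], "start": start, "size": end - start})
    return hits


def parse_edges(lines):
    """One dict per SetThreadContext or WriteProcessMemory record."""
    edges = []
    for line in lines:
        m = EDGE_RE.match(line.strip())
        if m:
            edges.append({"src": int(m["src"]), "dst": int(m["dst"]), "verb": m["verb"],
                          "src_image": m["src_image"], "dst_image": m["dst_image"]})
    return edges


def region_summary(hits, rule="family_xtremerat"):
    """PIDs that matched `rule`, and the distinct (base, size) regions the rule matched in."""
    matched = [h for h in hits if h["rule"] == rule]
    return {"pids": sorted({h["pid"] for h in matched}),
            "regions": sorted({(h["start"], h["size"]) for h in matched})}


def find_hollowing(ctx_edges, write_edges, hits):
    """Process hollowing (RunPE) leaves a parent that writes into a child running the
    parent's own image and then resets the child's thread context. Emit one finding per
    SetThreadContext edge, with the write count and any family_* rule seen in the child."""
    writes = defaultdict(int)
    for e in write_edges:
        if e["verb"] == "wrote to memory of":
            writes[(e["src"], e["dst"])] += 1
    families = defaultdict(set)
    for h in hits:
        if h["rule"].startswith("family_"):
            families[h["pid"]].add(h["rule"])
    findings = []
    for e in ctx_edges:
        if e["verb"] == "set thread context of":
            findings.append({"parent": e["src"], "child": e["dst"], "image": e["dst_image"],
                             "self_image": e["src_image"] == e["dst_image"],
                             "writes": writes[(e["src"], e["dst"])],
                             "family": sorted(families[e["dst"]])})
    return findings


def injection_targets(write_edges):
    """Images written into by a process running a *different* image (the RAT into msedge.exe)."""
    targets = defaultdict(set)
    for e in write_edges:
        if e["verb"] == "wrote to memory of" and e["src_image"] != e["dst_image"]:
            targets[e["src_image"]].add(e["dst_image"])
    return {img: sorted(t) for img, t in targets.items()}


if __name__ == "__main__":
    hits = parse_yara(YARA_HITS)
    print("family_xtremerat regions:", region_summary(hits))
    for f in find_hollowing(parse_edges(THREAD_CONTEXT), parse_edges(MEMORY_WRITES), hits):
        print(f"{f['parent']} -> {f['child']} {f['image']} self_image={f['self_image']} "
              f"writes={f['writes']} family={f['family']}")
    print("cross-image writes:", injection_targets(parse_edges(MEMORY_WRITES)))
```

On the subset above every SetThreadContext target runs its parent's own image and carries a family_xtremerat hit in the same 0x16000-byte region at 0x0000000000C80000, while the cross-image writes go from the sample and from Server.exe into msedge.exe. The 3548 -> 5096 finding shows zero writes only because the report's WriteProcessMemory list is cut at 64 events; in a full trace that edge would carry writes like the other two.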
Processes
Each entry gives the tree depth, the PID and the image path; the command line recorded for every process is just the quoted image path with no arguments, so it is not repeated. Signatures hit by a process are listed beneath it. The same pattern repeats at every level: a Server.exe flagged for SetThreadContext starts a second Server.exe from its own image, and that child is the one that checks the location setting, starts eight msedge.exe processes and launches the next Server.exe.

[depth 1] PID 4292  C:\Users\Admin\AppData\Local\Temp\394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
[depth 2] PID 4180  C:\Users\Admin\AppData\Local\Temp\394c814fd0a051c1b314f71c54d429d7_JaffaCakes118.exe
  - Checks computer location settings
  - Drops file in Program Files directory
  - Suspicious use of WriteProcessMemory
[depth 3] 8 x C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PIDs 4888, 4164, 5020, 4944, 1260, 4968, 1496, 3344
[depth 3] PID 3244  C:\Program Files (x86)\InstallDir\Server.exe
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
[depth 4] PID 1948  C:\Program Files (x86)\InstallDir\Server.exe
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
[depth 5] 8 x C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PIDs 1660, 3428, 2868, 4848, 2364, 692, 924, 2896
[depth 5] PID 3548  C:\Program Files (x86)\InstallDir\Server.exe
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
[depth 6] PID 5096  C:\Program Files (x86)\InstallDir\Server.exe
  - Checks computer location settings
  - Executes dropped EXE
[depth 7] 8 x C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PIDs 4692, 2016, 3372, 3160, 4972, 3408, 3828, 4432
[depth 7] PID 1004  C:\Program Files (x86)\InstallDir\Server.exe
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
[depth 8] PID 1932  C:\Program Files (x86)\InstallDir\Server.exe
  - Checks computer location settings
  - Executes dropped EXE
[depth 9] 8 x C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PIDs 2784, 2956, 1516, 2124, 3568, 4084, 4000, 2292
[depth 9] PID 2912  C:\Program Files (x86)\InstallDir\Server.exe
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
[depth 10] PID 1748  C:\Program Files (x86)\InstallDir\Server.exe
  - Checks computer location settings
  - Executes dropped EXE
[depth 11] 8 x C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PIDs 1528, 960, 1756, 1720, 1612, 732, 5052, 3452
[depth 11] PID 3772  C:\Program Files (x86)\InstallDir\Server.exe
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
[depth 12] PID 3504  C:\Program Files (x86)\InstallDir\Server.exe
  - Checks computer location settings
  - Executes dropped EXE
[depth 13] 8 x C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PIDs 4732, 4704, 2900, 3308, 2692, 4028, 2696, 1876
[depth 13] PID 3512  C:\Program Files (x86)\InstallDir\Server.exe
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
[depth 14] PID 2796  C:\Program Files (x86)\InstallDir\Server.exe
  - Checks computer location settings
  - Executes dropped EXE
[depth 15] 8 x C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PIDs 2392, 756, 2252, 696, 4144, 1288, 1640, 3436
[depth 15] PID 4696  C:\Program Files (x86)\InstallDir\Server.exe
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
[depth 16] PID 4384  C:\Program Files (x86)\InstallDir\Server.exe
  - Checks computer location settings
  - Executes dropped EXE
[depth 17] 8 x C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PIDs 5108, 4840, 4364, 460, 3728, 4472, 3700, 816
[depth 17] PID 2592  C:\Program Files (x86)\InstallDir\Server.exe
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
[depth 18] PID 116  C:\Program Files (x86)\InstallDir\Server.exe
  - Checks computer location settings
  - Executes dropped EXE
[depth 19] 8 x C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PIDs 3456, 1380, 2980, 4864, 2220, 1120, 4792, 1428
[depth 19] PID 760  C:\Program Files (x86)\InstallDir\Server.exe
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
[depth 20] PID 1652  C:\Program Files (x86)\InstallDir\Server.exe
  - Checks computer location settings
  - Executes dropped EXE
[depth 21] 6 x C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PIDs 1140, 2056, 3752, 4248, 2120, 432  (the report's listing ends here)
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"21⤵PID:4412
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"21⤵PID:1148
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"21⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2820 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"22⤵
- Checks computer location settings
- Executes dropped EXE
PID:2052 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"23⤵PID:4964
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"23⤵PID:4584
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"23⤵PID:3976
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"23⤵PID:2248
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"23⤵PID:1852
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"23⤵PID:4628
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"23⤵PID:2528
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"23⤵PID:2616
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"23⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1708 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"24⤵
- Checks computer location settings
- Executes dropped EXE
PID:1040 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"25⤵PID:3820
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"25⤵PID:2624
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"25⤵PID:1572
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"25⤵PID:2548
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"25⤵PID:444
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"25⤵PID:4504
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"25⤵PID:3504
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"25⤵PID:2044
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"25⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3808 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"26⤵
- Checks computer location settings
- Executes dropped EXE
PID:3352 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"27⤵PID:4520
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"27⤵PID:1068
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"27⤵PID:808
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"27⤵PID:2176
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"27⤵PID:2104
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"27⤵PID:3348
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"27⤵PID:2796
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"27⤵PID:1112
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"27⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2804 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"28⤵
- Checks computer location settings
- Executes dropped EXE
PID:1628 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"29⤵PID:3916
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"29⤵PID:4720
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"29⤵PID:5040
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"29⤵PID:4776
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"29⤵PID:2072
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"29⤵PID:1696
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"29⤵PID:4172
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"29⤵PID:4676
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"29⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3092 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"30⤵
- Checks computer location settings
- Executes dropped EXE
PID:2592 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"31⤵PID:4496
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"31⤵PID:4132
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"31⤵PID:320
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"31⤵PID:4336
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"31⤵PID:4168
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"31⤵PID:5016
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"31⤵PID:1452
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"31⤵PID:4312
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"31⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3592 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"32⤵
- Checks computer location settings
- Executes dropped EXE
PID:1560 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"33⤵PID:1616
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"33⤵PID:4180
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"33⤵PID:4404
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"33⤵PID:2724
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"33⤵PID:5096
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"33⤵PID:4672
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"33⤵PID:3000
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"33⤵PID:4424
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"33⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:672 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"34⤵
- Checks computer location settings
- Executes dropped EXE
PID:3188 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"35⤵PID:4372
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"35⤵PID:1996
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"35⤵PID:904
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"35⤵PID:2052
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"35⤵PID:868
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"35⤵PID:448
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"35⤵PID:2204
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"35⤵PID:4596
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"35⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4512 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"36⤵
- Checks computer location settings
- Executes dropped EXE
PID:3656 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"37⤵PID:1868
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"37⤵PID:4784
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"37⤵PID:4536
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"37⤵PID:4568
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"37⤵PID:552
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"37⤵PID:4756
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"37⤵PID:336
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"37⤵PID:1404
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"37⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3200 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"38⤵
- Checks computer location settings
- Executes dropped EXE
PID:452 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"39⤵PID:2704
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"39⤵PID:3500
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"39⤵PID:1388
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"39⤵PID:2280
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"39⤵PID:4708
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"39⤵PID:2828
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"39⤵PID:3108
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"39⤵PID:2708
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"39⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4876 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"40⤵
- Checks computer location settings
- Executes dropped EXE
PID:4080 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"41⤵PID:2800
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"41⤵PID:3652
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"41⤵PID:3332
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"41⤵PID:3268
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"41⤵PID:4856
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"41⤵PID:2468
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"41⤵PID:3924
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"41⤵PID:2308
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"41⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2316 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"42⤵
- Checks computer location settings
- Executes dropped EXE
PID:232 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"43⤵PID:2432
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"43⤵PID:2820
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"43⤵PID:800
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"43⤵PID:3908
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"43⤵PID:876
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"43⤵PID:940
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"43⤵PID:1972
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"43⤵PID:1672
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"43⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3684 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"44⤵
- Checks computer location settings
- Executes dropped EXE
PID:1476 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"45⤵PID:2888
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"45⤵PID:4828
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"45⤵PID:368
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"45⤵PID:2396
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"45⤵PID:1456
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"45⤵PID:3512
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"45⤵PID:3380
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"45⤵PID:2352
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"45⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4736 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"46⤵
- Checks computer location settings
- Executes dropped EXE
PID:4332 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"47⤵PID:3008
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"47⤵PID:4012
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"47⤵PID:3736
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"47⤵PID:3052
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"47⤵PID:3328
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"47⤵PID:1188
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"47⤵PID:4380
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"47⤵PID:5028
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"47⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1628 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"48⤵
- Checks computer location settings
- Executes dropped EXE
PID:4068 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"49⤵PID:324
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"49⤵PID:2752
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"49⤵PID:1580
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"49⤵PID:4340
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"49⤵PID:4420
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"49⤵PID:3256
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"49⤵PID:4328
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"49⤵PID:3608
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"49⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:632 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"50⤵
- Checks computer location settings
- Executes dropped EXE
PID:4812 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"51⤵PID:3336
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"51⤵PID:1932
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"51⤵PID:2728
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"51⤵PID:3756
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"51⤵PID:428
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"51⤵PID:1596
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"51⤵PID:1944
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"51⤵PID:1748
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"51⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3084 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"52⤵
- Checks computer location settings
- Executes dropped EXE
PID:4560 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"53⤵PID:2264
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"53⤵PID:3352
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"53⤵PID:3272
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"53⤵PID:2368
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"53⤵PID:4524
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"53⤵PID:3284
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"53⤵PID:1628
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"53⤵PID:4908
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"53⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4048 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"54⤵
- Checks computer location settings
- Executes dropped EXE
PID:4360 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"55⤵PID:2732
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"55⤵PID:1940
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"55⤵PID:2920
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"55⤵PID:3164
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"55⤵PID:3084
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"55⤵PID:5084
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"55⤵PID:424
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"55⤵PID:184
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"55⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1012 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"56⤵
- Checks computer location settings
- Executes dropped EXE
PID:2028 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"57⤵PID:2516
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"57⤵PID:2012
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"57⤵PID:388
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"57⤵PID:3092
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"57⤵PID:2188
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"57⤵PID:932
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"57⤵PID:4300
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"57⤵PID:3004
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"57⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1704 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"58⤵
- Checks computer location settings
- Executes dropped EXE
PID:5112 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"59⤵PID:820
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"59⤵PID:4116
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"59⤵PID:4560
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"59⤵PID:1352
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"59⤵PID:1012
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"59⤵PID:3524
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"59⤵PID:2336
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"59⤵PID:3076
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"59⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4808 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"60⤵
- Checks computer location settings
- Executes dropped EXE
PID:2688 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"61⤵PID:2004
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"61⤵PID:3340
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"61⤵PID:4048
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"61⤵PID:2208
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"61⤵PID:1540
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"61⤵PID:1040
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"61⤵PID:4068
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"61⤵PID:4984
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"61⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3684 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"62⤵
- Checks computer location settings
- Executes dropped EXE
PID:3188 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"63⤵PID:4988
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"63⤵PID:2404
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"63⤵PID:1704
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"63⤵PID:1468
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"63⤵PID:1296
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"63⤵PID:3488
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"63⤵PID:396
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"63⤵PID:1176
-
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"63⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:5124 -
C:\Program Files (x86)\InstallDir\Server.exe"C:\Program Files (x86)\InstallDir\Server.exe"64⤵
- Executes dropped EXE
PID:5148 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"65⤵PID:5196
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 108KB
MD5: 394c814fd0a051c1b314f71c54d429d7
SHA1: acfee59919253cc2cb6d34509ca48b69637847c5
SHA256: 2916d8917eb29957c0fe9e728c6eb772d0d71ca943b3b17ca7893bfcbf13aed1
SHA512: 9805c8b879ca86ab8225e1d10b24442ef75feda8c1044eb87c7a736530d6a8d51b7ee3f9af7869c6868d85a613720628ef9cc4b4dd6354f5891aa6113a7475f8
-
Filesize: 1KB
MD5: ea2abee352e209d80bfaf6f4645021be
SHA1: 16704423ad798e65573892cd74be848401a5716d
SHA256: c8380982d1b40c5dfd79fe28334666571de2ba3296a1de01fe062ab87e63509d
SHA512: 9c3c18eb0efabc64b13076d41aaf3048b2ac6277f16a47dca6dd3e80d4d60d5b1b473bbe90b0f78fafc2707ee53086ab892a8845d5847f630bdfb8babf91387b