Analysis
-
max time kernel
149s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64 arch:x86 image:win7-20240708-en locale:en-us os:windows7-x64 system -
submitted
11-07-2024 21:17
Static task
static1
Behavioral task
behavioral1
Sample
3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe
-
Size
794KB
-
MD5
3abe036fb0de2efc32cb6332639fab8a
-
SHA1
45ac81bf31b28f8325b2204ec3577a0731ac41d7
-
SHA256
471c51c333571e7e5a079db176206107ce3cfa5e89534f4007d779ce13508511
-
SHA512
ba79ba90ca78aa940f3f647d591bd5b1f5448a2e949db3e8c56ec87cefc02a750ead5fa60dce3e88be0b339676452cef8ecf1449abecdf290b555b04269d1b58
-
SSDEEP
12288:TeOvpyCRfHsdeU8p0U3Ecr+Oz/l2/nZDcZaj44vqd:Ciy8Hsd+p0CTdzd2/nZDTDG
Malware Config
Extracted
xtremerat
ala.no-ip.biz
Signatures
-
Detect XtremeRAT payload 30 IoCs
-
XtremeRAT
XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 64 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Processes:
3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe
description ioc process
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} 3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe restart" 3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe
-
Executes dropped EXE 64 IoCs
Processes:
3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe
-
Loads dropped DLL 64 IoCs
Processes:
3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe
svchost.exe
-
Molebox Virtualization software 1 IoCs
Detects file using Molebox Virtualization software.
Processes:
resource yara_rule
\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe molebox
-
Adds Run key to start application 2 TTPs 64 IoCs
Processes:
3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe
svchost.exe
description ioc process
Set value (str) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe" 3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe" svchost.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe" 3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe" 1⤵
- Boot or Logon Autostart Execution: Active Setup
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2724
-
C:\Windows\SysWOW64\svchost.exe svchost.exe 2⤵
- Loads dropped DLL
- Adds Run key to start application
PID:2728
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe" 3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:2960
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:2268
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:1688
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:396
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:2072
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:1224
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:1844
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:1848
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:844
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe" 4⤵
- Executes dropped EXE
- Adds Run key to start application
PID:576
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 5⤵ PID:2288
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 5⤵ PID:1472
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 5⤵ PID:1960
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 5⤵ PID:2380
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe" 3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:1364
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:1632
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:2392
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:1092
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:2364
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:2384
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:2220
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:2144
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:856
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe" 4⤵
- Executes dropped EXE
PID:2024
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 5⤵ PID:2452
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe" 3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:1920
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:1324
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:1856
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:2468
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:2684
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:924
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:956
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:3024
-
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:1276
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe" 4⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:1708 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1540
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1660
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2480
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2992
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1936
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:908
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3000
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1704
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:2084 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2108
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1592
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2808
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2952
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2776
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2692
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2576
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2700
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"6⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:1016 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:1972
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:1036
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:788 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1728
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2296
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1440
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2432
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2348
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2672
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2520
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1964
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
PID:1788 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:884
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2784
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2732
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2696
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2964
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2572
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2640
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:2004 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1604
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2352
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2248
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2856
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2708
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1204
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2540
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2080
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2888 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2920
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1968
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1068
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2836
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:592
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2372
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2128
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2660
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:536 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:280
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1380
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2292
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1708
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1860
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:788
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1612
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1564
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"6⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
PID:2584 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:1644
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2176
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:1060
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:1128
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2256
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2956
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2960
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:1556
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"7⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:2840 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:536
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1032
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1928
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2216
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1812
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1336
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1528
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3076
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"8⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:3100 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3144
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3216
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3236
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3264
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3308
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3332
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3364
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3388
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"9⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:3424 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3480
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3544
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3564
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3580
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3636
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3660
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3688
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3712
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"10⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
PID:3792 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:3852
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:3884
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:3916
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:3976
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:2160 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1140
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:644
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1988
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:484
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:604
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1048
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2400
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2404
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2096 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2396
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1720
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1548
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1976
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1724
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2428
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1716
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2084
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:3052 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2004
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2892
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2336
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2556
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2060
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1088
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:880
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1608
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:1760 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2096
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:936
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2748
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:1580
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2668
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:1180
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2020
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:3120
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"7⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
PID:3172 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3204
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3228
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3244
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3300
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3324
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3352
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3380
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3432
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"8⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:3488 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3528
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3552
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3572
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3588
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3644
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3668
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3696
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3720
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"9⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:3756 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3824
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3876
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3908
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3940
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4028
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4072
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4092
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3096
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"10⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
PID:3112 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:3168
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:3160
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:3196
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:3224
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:2936
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:3460
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:3172
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:3256
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"11⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:3608 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3780
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3508
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3804
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3820
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:2988
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3612
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4052
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3792
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"12⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
PID:4068 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:600
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:3164
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:4040
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:3296
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:3004
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:3444
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:3492
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:3728
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"13⤵
- Executes dropped EXE
PID:2104 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:4088
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:3608
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"3⤵
- Executes dropped EXE
PID:2644 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2500
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1652
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:352
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1640
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:888
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3060
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
PID:1136 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2076
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2192
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1636
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1344
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1772
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2884
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2412
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2780
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:1016 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2320
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2068
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:840
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:2584 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:876
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1788
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:380
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2940
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1016
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:3252 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3284
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3316
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3340
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3372
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3396
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:3596 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3624
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3652
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3680
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3704
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3772
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3868
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3900
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3924
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:3956 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3996
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
PID:4016 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4056
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4080
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2604
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2744
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2644
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1760
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3188
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3276
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
PID:1680 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3132
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3476
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3524
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3616
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3800
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3768
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3812
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3424
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"5⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2512 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3948
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"3⤵
- Executes dropped EXE
- Adds Run key to start application
PID:3404 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3472
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3452
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3292
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3936 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3992
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3840
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2840
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2620
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3184
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2832
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4020
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3440
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
PID:3560 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3176
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1572
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2512
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3740
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2788
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3896
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3600
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3744
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
PID:2492 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2100
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:636
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2088
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1944
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3100
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3968
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4100
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4116
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"6⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:4140 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4188
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4264
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4320
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4344
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4372
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4396
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4424
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4448
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"7⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:4480 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4560
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4616
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4692
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4716
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4744
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4768
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4796
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4820
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"8⤵
- Executes dropped EXE
- Adds Run key to start application
PID:4860 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:4908
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:5000
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:5072
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:2300
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:4136
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:2492
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:4180
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3212
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"9⤵
- Executes dropped EXE
- Adds Run key to start application
PID:4244 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4468
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4464
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4216
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4628
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4612
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4668
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4740
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4848
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"10⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
PID:4876 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:4528
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:4940
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:5092
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:3100 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:316
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1680
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3984
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3088
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3604
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3412
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3136
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3116
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:3064 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3112
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3756
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3956
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4068
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3736
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1388
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4108
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4156
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:4216 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4248
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4284
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4328
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4352
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4380
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4404
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4432
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4472
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"6⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:4524 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4588
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4648
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4700
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4724
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4752
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4776
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4804
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4832
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"7⤵
- Executes dropped EXE
- Adds Run key to start application
PID:4924 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4960
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5028
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
PID:4272 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4304
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4336
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4360
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4388
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4412
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4440
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4500
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4604
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"4⤵
- Executes dropped EXE
PID:4636 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4676
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4708
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4732
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4760
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4784
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4812
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4852
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4976
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:5008 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5056
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"3⤵
- Executes dropped EXE
PID:5064 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5096
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4148
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4124
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4168
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4224
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3064
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4176
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4140
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
PID:4236 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4580
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4644
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4276
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4544
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4568
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4828
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4596
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4956
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
PID:4984 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4944
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4924
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4280
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4896
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4860
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4420
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4520
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5104
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"6⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
PID:4556 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4164
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4640
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4488
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4460
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4516
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:5044
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:5020
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4200
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"7⤵
- Adds Run key to start application
PID:5152 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5192
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5260
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5360
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5384
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5412
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5436
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5464
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5488
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"8⤵
- Boot or Logon Autostart Execution: Active Setup
PID:5532 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:5572
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:5672
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:5736
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:5792
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:5820
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:5844
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:5872
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:5896
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"9⤵PID:5936
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5972
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:6000
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:6056
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:6124
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5136
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4556
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5228
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5124
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"10⤵
- Adds Run key to start application
PID:5280 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:5336
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:5540
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:4948 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2984
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4920
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3808
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4300
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4532
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5068
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4660
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4892
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
PID:4540 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5052
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4552
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4984
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5012
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4928
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4884
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5144
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5208
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
PID:5240 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5296
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5368
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5392
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5420
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5444
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5472
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5496
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5580
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"6⤵
- Adds Run key to start application
PID:5604 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:5644
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:5728
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:5784
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:5812
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:5836
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:5864
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:5888
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
PID:5008 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4972
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4512
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4484
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4844
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5016
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5108
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5172
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5232
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
PID:5308 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5344
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5376
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5404
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5428
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5456
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5480
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5524
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5624
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"5⤵
- Adds Run key to start application
PID:5680 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5712
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"3⤵
- Adds Run key to start application
PID:5744 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5768
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5800
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5828
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5852
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5880
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5904
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5992
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:6008
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
PID:6036 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:6076
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:6132
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4872
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5168
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5216
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5252
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2656
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5204
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
PID:5156 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5284
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5304
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5332
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5688
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5752
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5684
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2264
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5928
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"6⤵
- Adds Run key to start application
PID:5536 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:3892
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:5756
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:5316
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:5292
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:5272
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:6092
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:5508
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:5180
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"7⤵PID:5600
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5664
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5948
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"3⤵
- Adds Run key to start application
PID:6088 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:6116
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5160
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5132
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5040
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5224
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"3⤵PID:5616
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5356
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5312
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5704
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5720
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5724
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5556
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5652
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:6028
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
PID:6052 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:576
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5960
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5936
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:6104
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1768
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:6040
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5276
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5764
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"5⤵PID:5588
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5744
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:2388
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:2860
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:2244
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:2848
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:2872
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:2756
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:2912
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:2252
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"2⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2748 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2648
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:1940
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:3036
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2632
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:1108
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:1932
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2588
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:1924
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
PID:2176 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2156
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2416
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2360
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1292
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1900
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2464
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2028
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2284
-
C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3abe036fb0de2efc32cb6332639fab8a_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
PID:2836 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2180
Network
MITRE ATT&CK Enterprise v15
Downloads