Analysis
-
max time kernel
149s -
max time network
124s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system -
submitted
18-07-2024 12:24
Static task
static1
Behavioral task
behavioral1
Sample
575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe
-
Size
224KB
-
MD5
575db21a5dc340c665e677bade789e3d
-
SHA1
b083f5c6e289f61799e2d9a1d20b84ee6b99a077
-
SHA256
006c2f9910644d6cb24c2d325a55d95f36beab9854a1d80f13091507c785e72d
-
SHA512
ab701a638ae6fc98a8429bb6b4c352c702e34c9ba709cc4d85c7cc2456987b79e604f726bdb7890999ca612a6c347c9d301a91118a73e7e5202c7e7d2ec93855
-
SSDEEP
768:gJfN8ZTmp3eVLWkaxuUl0+qn+NT+Eo+wWGQYmSs1QORV1U5Wuftxv31e+mLSERt4:gJfN8Zgl2fx5mbRtPrL91FFk
Malware Config
Extracted
xtremerat
cry1.no-ip.biz
Signatures
-
Detect XtremeRAT payload 16 IoCs
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 62 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings 2 TTPs 30 IoCs
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE 60 IoCs
-
Suspicious use of SetThreadContext 31 IoCs
-
Drops file in Windows directory 2 IoCs
Processes:
575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe
description / ioc / Process
File created / C:\Windows\InstallDir\kl.exe / 575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe
File opened for modification / C:\Windows\InstallDir\kl.exe / 575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of SetWindowsHookEx 31 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4948 -
C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\575db21a5dc340c665e677bade789e3d_JaffaCakes118.exe"2⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2584 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"3⤵PID:1588
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"3⤵PID:3500
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"3⤵PID:3952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"3⤵PID:4544
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"3⤵PID:3128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"3⤵PID:3016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"3⤵PID:2432
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"3⤵PID:2320
-
-
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3948 -
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3116 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:3264
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:2732
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:2208
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:2928
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:1468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:1896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:4824
-
-
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1396 -
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"6⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:3212 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:4412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:2408
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:392
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:3144
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:4892
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:3456
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:3920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:5088
-
-
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"7⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1276 -
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"8⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:4588 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:4572
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:4672
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:2844
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:4644
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:3028
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:3988
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:5048
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:2824
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"9⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3504 -
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"10⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:4464 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:3484
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:3956
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:4888
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:860
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:1760
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:4456
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:4148
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:932
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"11⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4772 -
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"12⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:1084 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:3668
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:624
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:3496
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:2068
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:680
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:4944
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:1292
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:2500
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"13⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3512 -
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"14⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:4140 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"15⤵PID:4260
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"15⤵PID:4832
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"15⤵PID:4192
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"15⤵PID:4848
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"15⤵PID:2348
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"15⤵PID:2948
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"15⤵PID:4204
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"15⤵PID:4116
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"15⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3308 -
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"16⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:4076 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"17⤵PID:4220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"17⤵PID:412
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"17⤵PID:3156
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"17⤵PID:3540
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"17⤵PID:3236
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"17⤵PID:2024
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"17⤵PID:4152
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"17⤵PID:1008
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"17⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4336 -
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"18⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:4364 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"19⤵PID:4588
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"19⤵PID:4348
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"19⤵PID:2424
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"19⤵PID:3504
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"19⤵PID:1356
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"19⤵PID:1572
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"19⤵PID:1116
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"19⤵PID:1584
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"19⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2148 -
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"20⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:712 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"21⤵PID:2900
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"21⤵PID:2040
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"21⤵PID:4716
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"21⤵PID:4028
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"21⤵PID:3996
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"21⤵PID:4016
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"21⤵PID:1952
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"21⤵PID:3680
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"21⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2880 -
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"22⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:2556 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"23⤵PID:1608
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"23⤵PID:528
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"23⤵PID:2668
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"23⤵PID:1380
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"23⤵PID:4032
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"23⤵PID:3788
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"23⤵PID:4796
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"23⤵PID:832
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"23⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1936 -
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"24⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:3308 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"25⤵PID:1676
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"25⤵PID:5032
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"25⤵PID:3948
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"25⤵PID:1668
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"25⤵PID:4852
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"25⤵PID:3556
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"25⤵PID:3112
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"25⤵PID:4500
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"25⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2296 -
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"26⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:3184 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"27⤵PID:4828
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"27⤵PID:348
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"27⤵PID:4336
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"27⤵PID:5108
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"27⤵PID:4308
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"27⤵PID:4272
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"27⤵PID:1324
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"27⤵PID:428
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"27⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2148 -
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"28⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:3632 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"29⤵PID:1084
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"29⤵PID:4772
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"29⤵PID:4244
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"29⤵PID:4856
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"29⤵PID:1636
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"29⤵PID:3672
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"29⤵PID:1936
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"29⤵PID:2164
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"29⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1444 -
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"30⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:3444 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"31⤵PID:4972
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"31⤵PID:4408
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"31⤵PID:4076
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"31⤵PID:776
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"31⤵PID:4636
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"31⤵PID:3088
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"31⤵PID:2156
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"31⤵PID:2000
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"31⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4324 -
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"32⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:2132 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"33⤵PID:4288
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"33⤵PID:4056
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"33⤵PID:2684
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"33⤵PID:3736
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"33⤵PID:2856
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"33⤵PID:4296
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"33⤵PID:4012
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"33⤵PID:1500
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"33⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1504 -
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"34⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:5076 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"35⤵PID:1336
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"35⤵PID:452
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"35⤵PID:3160
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"35⤵PID:1956
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"35⤵PID:3092
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"35⤵PID:2968
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"35⤵PID:1284
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"35⤵PID:1828
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"35⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2356 -
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"36⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:2548 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"37⤵PID:1128
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"37⤵PID:4376
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"37⤵PID:1820
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"37⤵PID:2584
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"37⤵PID:4144
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"37⤵PID:1940
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"37⤵PID:2364
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"37⤵PID:716
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"37⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3548 -
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"38⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:628 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"39⤵PID:1352
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"39⤵PID:2324
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"39⤵PID:4172
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"39⤵PID:1812
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"39⤵PID:4788
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"39⤵PID:1280
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"39⤵PID:2720
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"39⤵PID:808
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"39⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2132 -
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"40⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:4212 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"41⤵PID:388
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"41⤵PID:4492
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"41⤵PID:1040
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"41⤵PID:3976
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"41⤵PID:2696
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"41⤵PID:2464
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"41⤵PID:2356
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"41⤵PID:1300
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"41⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3740 -
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"42⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:3632 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"43⤵PID:2240
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"43⤵PID:3548
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"43⤵PID:1444
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"43⤵PID:312
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"43⤵PID:4872
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"43⤵PID:5228
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"43⤵PID:5244
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"43⤵PID:5252
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"43⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:5276 -
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"44⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:5308 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"45⤵PID:5356
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"45⤵PID:5364
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"45⤵PID:5376
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"45⤵PID:5384
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"45⤵PID:5396
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"45⤵PID:5404
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"45⤵PID:5416
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"45⤵PID:5424
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"45⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:5448 -
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"46⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:5472 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"47⤵PID:5516
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"47⤵PID:5524
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"47⤵PID:5536
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"47⤵PID:5544
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"47⤵PID:5556
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"47⤵PID:5564
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"47⤵PID:5576
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"47⤵PID:5584
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"47⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:5608 -
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"48⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:5632 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"49⤵PID:5704
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"49⤵PID:5836
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"49⤵PID:5848
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"49⤵PID:5876
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"49⤵PID:5888
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"49⤵PID:5896
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"49⤵PID:5908
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"49⤵PID:5916
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"49⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:5940 -
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"50⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:5968 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"51⤵PID:6012
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"51⤵PID:6024
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"51⤵PID:6036
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"51⤵PID:6044
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"51⤵PID:6056
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"51⤵PID:6068
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"51⤵PID:6080
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"51⤵PID:6096
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"51⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:6120 -
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"52⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:4948 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"53⤵PID:3368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"53⤵PID:232
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"53⤵PID:1720
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"53⤵PID:3260
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"53⤵PID:4520
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"53⤵PID:3336
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"53⤵PID:116
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"53⤵PID:1928
-
-
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"53⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3632 -
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"54⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:5332 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"55⤵PID:4388
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"55⤵PID:5392
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"55⤵PID:5340
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"55⤵PID:5328
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"55⤵PID:5436
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"55⤵PID:5324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"55⤵PID:5508
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"55⤵PID:5572
-
-
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"55⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:5476 -
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"56⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:5628 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"57⤵PID:5156
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"57⤵PID:5124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"57⤵PID:5168
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"57⤵PID:2020
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"57⤵PID:5176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"57⤵PID:5132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"57⤵PID:5152
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"57⤵PID:1060
-
-
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"57⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:5728 -
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"58⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:5720 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"59⤵PID:5680
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"59⤵PID:5684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"59⤵PID:5712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"59⤵PID:5764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"59⤵PID:5716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"59⤵PID:5928
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"59⤵PID:6116
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"59⤵PID:6136
-
-
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"59⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:6128 -
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"60⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:1496 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"61⤵PID:5272
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"61⤵PID:368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"61⤵PID:4948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"61⤵PID:5316
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"61⤵PID:5296
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"61⤵PID:3632
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"61⤵PID:5304
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"61⤵PID:1472
-
-
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"61⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1568 -
C:\Windows\InstallDir\kl.exe"C:\Windows\InstallDir\kl.exe"62⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
PID:2544 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"63⤵PID:5592
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"63⤵PID:5320
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"63⤵PID:5500
-
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
1KB
MD5bb05d79a7873df664af7b26975f6fc4d
SHA1be1140d890d7e73d84415a3dea96904f276a0d50
SHA256651cab24968ddc71e78314488c06d0963d499b8f8241e91122423cedd4c60277
SHA512c946f023f28cb0d51934714a86974e9f5b9c406492b60dd73c8bdc9186fd490ceabb7fb73fb0510a95b06ce6574bc5ab5a563a88ecb5342bad3a654b1606588e
-
Filesize
224KB
MD5575db21a5dc340c665e677bade789e3d
SHA1b083f5c6e289f61799e2d9a1d20b84ee6b99a077
SHA256006c2f9910644d6cb24c2d325a55d95f36beab9854a1d80f13091507c785e72d
SHA512ab701a638ae6fc98a8429bb6b4c352c702e34c9ba709cc4d85c7cc2456987b79e604f726bdb7890999ca612a6c347c9d301a91118a73e7e5202c7e7d2ec93855