Analysis
max time kernel: 150s
max time network: 123s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 18-07-2024 15:21
Static task: static1
Behavioral task: behavioral1
Sample: 57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe
Size: 794KB
MD5: 57f3516f894bbbbc8e5db3e5039c39b9
SHA1: 696579a0255e9b22a9e7fa78f83f849cc33a8de7
SHA256: 1d12bc425e604295c722ff2bea25e63c6ce3b7bcc9ddbd2ae2311dd734199a60
SHA512: f1e6d141b3c65b6a28422c43571c2eaa52fb05433b11f05e3065579629473133c29d4623c7873d69907a770fe57678208d6dcc674cda0156459188c33041c1e9
SSDEEP: 12288:TeOvpyCRfHsdeU8p0U3Ecr+Oz/l2/nZDcZaj44vqd:Ciy8Hsd+p0CTdzd2/nZDTDG
Malware Config
Extracted
xtremerat
ala.no-ip.biz
Signatures
-
Detect XtremeRAT payload 31 IoCs
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 64 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Processes:
57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe
description ioc Process
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe restart" 57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} 57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Molebox Virtualization software 1 IoCs
Detects file using Molebox Virtualization software.
Processes:
resource yara_rule behavioral1/files/0x000700000001961f-14.dat molebox -
Processes:
resource yara_rule behavioral1 process memory dumps upx -
Adds Run key to start application 2 TTPs 64 IoCs
Processes:
description ioc Process
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe" 57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Local\\Temp\\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe" 57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Local\\Temp\\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe" svchost.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
description pid Process procid_target
PID 2168 wrote to memory of 2320 2168 57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe 31
PID 2168 wrote to memory of 3024 2168 57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe 32
PID 2168 wrote to memory of 984 2168 57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe 33
PID 2168 wrote to memory of 1500 2168 57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe 34
PID 2168 wrote to memory of 3020 2168 57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe 35
PID 2168 wrote to memory of 2688 2168 57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe 36
PID 2168 wrote to memory of 2692 2168 57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe 37
PID 2168 wrote to memory of 2744 2168 57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe 38
PID 2168 wrote to memory of 2760 2168 57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe 39
PID 2168 wrote to memory of 2784 2168 57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe 40
PID 2784 wrote to memory of 2732 2784 57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe 41
PID 2784 wrote to memory of 2800 2784 57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe 42
PID 2784 wrote to memory of 3048 2784 57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe 43
PID 2784 wrote to memory of 2824 2784 57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe 44
Processes
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe" 1⤵
- Boot or Logon Autostart Execution: Active Setup
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2168
C:\Windows\SysWOW64\svchost.exe svchost.exe 2⤵
- Loads dropped DLL
- Adds Run key to start application
PID:2320
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe" 3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
PID:2960
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:1208
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:1484
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:352
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:1816
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:592
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:2040
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:1952
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 4⤵ PID:1516
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe" 4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:2012
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 5⤵ PID:1748
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 5⤵ PID:2640
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 5⤵ PID:2584
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 5⤵ PID:2632
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 5⤵ PID:2248
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 5⤵ PID:2496
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 5⤵ PID:1468
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 5⤵ PID:2612
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe" 5⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:296
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 6⤵ PID:1300
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 6⤵ PID:1652
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 6⤵ PID:852
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 6⤵ PID:836
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 6⤵ PID:2816
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 6⤵ PID:2088
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 6⤵ PID:864
C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" 6⤵ PID:2000
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"6⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:2484 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:1756
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Executes dropped EXE
PID:2520
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:1648 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2108
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2196
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1508
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1188
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1236
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1088
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1512
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:868
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:2052 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1572
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1524
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3008
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3052
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1728
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2792
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2748
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2208
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2788 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2660
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3032
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2568
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2116
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:764
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1740
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1696
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2452
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"6⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:2960 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:304
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:884
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2172
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:3016
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:1152
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2928
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2904
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2524
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"7⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:3004 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1672
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2628
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2360
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2544
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2368
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1144
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1232
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1956
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"8⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:628 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:1296
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Executes dropped EXE
PID:3068
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:2680 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2656
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2280
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:896
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2032
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1060
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2768
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2328
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2324
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
PID:2444 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2736
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2012
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1640
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1832
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2912
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1688
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1616
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2508
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:2376 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3064
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2880
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2988
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:596
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1276
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2976
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:532
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2548
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"6⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
PID:616 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:1340
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:772
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2444
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:1648
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2176
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2136
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:1684
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2516
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"7⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:2996 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2180
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1684 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1868
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1432
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1824
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2400
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2724
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1168
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2056
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1628
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:2132 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2764
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2948
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2708
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2960 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2408
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:848
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2864
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1548
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1604
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1608
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1704
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2356
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
PID:2244 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1332
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2700
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2132
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:616
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2576
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1856
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2312
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2372
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
PID:2980 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1848
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:536
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2348
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2940
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:936
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2460
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3084
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3104
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"6⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
PID:3128 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:3200
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:3260
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:3300
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:3328
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:3352
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:3384
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:3408
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:3436
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"7⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:3476 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3532
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
PID:860 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:628
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2680
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2624
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:580
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1932
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1376
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1556
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2376
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:2480 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1404
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1948
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:860
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1632
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:924
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3076
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3096
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3144
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3172 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3236
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3292
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3316
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3344
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3368
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3400
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3424
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3452
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"6⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
PID:3512 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:3584
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:3668
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:3684
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:3704
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:3720
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:3740
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:3756
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:3776
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"7⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
PID:3800 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3844
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3920
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3972
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4000
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4024
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4052
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4076
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2832
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"8⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:2980 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3160
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3256
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3500
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3224
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3484
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3580
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3592
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3644
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"9⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
PID:3796 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3568
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3656
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3840
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:268
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3872
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:796
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3184
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2304
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"10⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:3620 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:3208
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:3788
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:2260
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:3940
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:1048
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:3476
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:3244
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:3996
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"11⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:3856 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3612
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3480
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4144
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4252
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4280
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4304
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4332
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4356
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"12⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:4392 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:4440
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:4468
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:4528
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:4644
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:4688
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:4716
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:4740
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:4768
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"13⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:4808 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:4840
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:4872
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:4896
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:5012
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:5052
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:5080
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:5104
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:4132
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"14⤵
- Executes dropped EXE
- Adds Run key to start application
PID:4160 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵PID:4200
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵PID:4400
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵PID:4384
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵PID:4568
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:3248 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3280
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3308
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3336
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3360
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3392
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3416
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3444
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3556
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3612 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3648
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3676
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3696
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3712
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3732
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3748
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3768
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3820
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:3868 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3900
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3964
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3988
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4016
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4040
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4068
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4092
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
PID:3928 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3952
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3980
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4008
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4032
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4060
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4084
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3116
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3196
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:3272 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3324
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3464
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3524
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3176
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3288
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3252
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3692
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3832
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:3852 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3936
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Executes dropped EXE
PID:1488 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3472
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3128
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3544
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3552
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3608
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3628
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:3996 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3124
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3912
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3192
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3960
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3932
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3216
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3564
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3212
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
PID:3660 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3896
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3812
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3572
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1388
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4048
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3836
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2332
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4104
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
PID:4136 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4204
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4260
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4288
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4312
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4340
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4368
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4452
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4476
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"6⤵
- Executes dropped EXE
- Adds Run key to start application
PID:4508 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4592
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:3828 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3180
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3816
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3808
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3616
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3044
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3860
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3516
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4112
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵
- Executes dropped EXE
PID:4184 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4240
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4268
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4296
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4320
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4348
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4412
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4460
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4484
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"5⤵
- Executes dropped EXE
- Adds Run key to start application
PID:4552 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4616
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4680
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4708
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4732
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4760
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4800
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4864
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4888
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"6⤵
- Executes dropped EXE
- Adds Run key to start application
PID:4920 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4960
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:5044
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:5072
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:5096
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4156
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4176
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4164
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4364
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"7⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:4432 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4140
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4588
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4784
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4836
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4604
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4936
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4652
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5008
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"8⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:3660 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3632
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:4248
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:4792
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:4128
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:3876
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:4920
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:4660
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:4676
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"9⤵
- Adds Run key to start application
PID:4168 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4520
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5180
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5208
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5252
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5276
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5304
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5328
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5356
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"10⤵PID:5388
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:5452
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:5508
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:5528
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:5580
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:5608
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:5632
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:5660
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:5684
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"11⤵PID:5720
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5800
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5852
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5884
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Executes dropped EXE
PID:4632 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4664
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4696
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4724
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4748
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4776
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4852
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4880
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4940
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:4992 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5036
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5060
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5088
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5112
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4120
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4220
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4388
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4500
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"5⤵
- Executes dropped EXE
- Adds Run key to start application
PID:4524 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4640
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4420
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4824
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4628
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4624
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4988
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4632
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4812
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"6⤵
- Executes dropped EXE
PID:4404 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4188
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4992
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4424
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4436
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4216
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4540
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4524
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:3828
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"7⤵
- Adds Run key to start application
PID:5132 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5164
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5188
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5240
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5268
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5292
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5320
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5344
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5404
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"8⤵
- Boot or Logon Autostart Execution: Active Setup
PID:5432 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:5492
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:5520
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:5548
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:5592
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:5616
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:5644
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:5668
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:5696
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"9⤵PID:5764
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5828
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5860
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5920
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:6004
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:6032
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:6056
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:6084
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:6108
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"10⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
PID:4704 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:4924
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:5148
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:5380
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:5516
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:5472
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:5712
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:5480
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:5776
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"11⤵
- Boot or Logon Autostart Execution: Active Setup
PID:5556 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5980
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5720
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4572
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5400
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5200
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5564
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5880
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5140
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"12⤵
- Adds Run key to start application
PID:5836 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:5952
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:5420
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:5976
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:4168
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:6148
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:6180
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:6216
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:6248
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"13⤵
- Boot or Logon Autostart Execution: Active Setup
PID:6288 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:6320
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:6356
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Executes dropped EXE
- Adds Run key to start application
PID:4572 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4796
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4392
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4860
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4908
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4956
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4980
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3888
-
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
PID:4564 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4212
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4536
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4972
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4976
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4328
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4496
-
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
PID:5196 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5228
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5260
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5284
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5312
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5336
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5364
-
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
PID:5536 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5568
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5600
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5624
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5652
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5676
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5728
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5844
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5872
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵PID:5904
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5956
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:6016
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:6040
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:6068
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:6092
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:6128
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4828
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:4492
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"5⤵PID:4196
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5428
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2060
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5716
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5388
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5740
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5792
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5812
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:6064
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"6⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
PID:6124 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:5176
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:5936
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:5544
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2664
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4608
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:4704
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:5236
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:5424
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"7⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
PID:5152 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4600
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5136
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:6156
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:6188
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:6224
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:6256
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:6340
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Adds Run key to start application
PID:5936 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5984
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:6024
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:6048
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:6076
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:6100
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4564
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:4404
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5300
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵
- Adds Run key to start application
PID:5416 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5196
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5736
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5704
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5760
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5500
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5536
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5788
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:5124
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
PID:4180 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5972
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5484
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5352
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5756
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5692
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4612
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5220
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5540
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"6⤵
- Boot or Logon Autostart Execution: Active Setup
PID:384 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:5464
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:5640
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:6172
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:6204
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:6240
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵PID:5132
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
PID:5412 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:5820
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:6164
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:6196
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:6232
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:6280
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:6348
-
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:3024
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:984
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:1500
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:3020
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:2688
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:2692
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:2744
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵PID:2760
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2784 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2732
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2800
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:3048
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2824
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2704
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2716
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2572
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2644
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:2588 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2596
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2972
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1100
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1960
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1312
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1148
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1480
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:1504
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:1684 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1784
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2020
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1760
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2212
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2868
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2856
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2848
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1724
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
PID:2912 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1804
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1892
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:872
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2888
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:900
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2388
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2900
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1540
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"6⤵
- Executes dropped EXE
PID:1556 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2024
-
-
Network
MITRE ATT&CK Enterprise v15
Downloads