Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
19-07-2024 15:18
Static task
static1
Behavioral task
behavioral1
Sample
5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe
-
Size
732KB
-
MD5
5c8117ec0c0a9912c70ded1a5bc3338e
-
SHA1
c2c4692df86c214941bdfb64c2a92551bee354d0
-
SHA256
ee73b4923d5ab791403fde414e23008745c0529416cde801d3b27431210ed32e
-
SHA512
404359f564b877a4d86f189fbb9717a9b0aca666c58aea06df72fbc26919b114f3fc70705ffeffd6d84703df2bf2ebf7cf8a0fe5066f8dafd69e77d9017ed85c
-
SSDEEP
12288:GHRBr01DiLKlgAIG0Iw1bRLkUhETKtEMO+346YwxPmV2OCt0vnANd7g/bDjf:GHRBriDiLdAj2B9kYsWQk4jws2t4V/bf
Malware Config
Extracted
xtremerat
besbous.no-ip.info
Signatures
-
Detect XtremeRAT payload 5 IoCs
resource yara_rule behavioral1/memory/2720-5-0x0000000000C80000-0x0000000000C96000-memory.dmp family_xtremerat behavioral1/memory/2720-6-0x0000000000C80000-0x0000000000C96000-memory.dmp family_xtremerat behavioral1/memory/3068-15-0x0000000000C80000-0x0000000000C96000-memory.dmp family_xtremerat behavioral1/memory/2720-20-0x0000000000C80000-0x0000000000C96000-memory.dmp family_xtremerat behavioral1/memory/2908-56-0x0000000000220000-0x0000000000230000-memory.dmp family_xtremerat -
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 64 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
description ioc Process Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} Server.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} Server.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} Server.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} Server.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" Server.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" Server.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" Server.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} Server.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" Server.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" Server.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" Server.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} Server.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} Server.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" Server.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" Server.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} Server.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} Server.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" Server.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" svchost.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" Server.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" Server.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" Server.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} Server.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" Server.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} Server.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} Server.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} Server.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} Server.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" Server.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" Server.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} Server.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" Server.exe Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Windows\\InstallDir\\Server.exe restart" Server.exe -
Executes dropped EXE 64 IoCs
pid Process 2536 Server.exe 1560 Server.exe 1956 Server.exe 2088 Server.exe 2776 Server.exe 1108 Server.exe 2988 Server.exe 296 Server.exe 2908 Server.exe 668 Server.exe 3032 Server.exe 1968 Server.exe 1788 Server.exe 944 Server.exe 2368 Server.exe 1700 Server.exe 700 Server.exe 2996 Server.exe 1220 Server.exe 2436 Server.exe 2632 Server.exe 1616 Server.exe 1008 Server.exe 2280 Server.exe 1412 Server.exe 1924 Server.exe 2296 Server.exe 1504 Server.exe 992 Server.exe 2368 Server.exe 2952 Server.exe 348 Server.exe 1332 Server.exe 1220 Server.exe 1928 Server.exe 544 Server.exe 296 Server.exe 288 Server.exe 1960 Server.exe 2628 Server.exe 2716 Server.exe 1720 Server.exe 2792 Server.exe 1220 Server.exe 2508 Server.exe 2744 Server.exe 556 Server.exe 2792 Server.exe 3112 Server.exe 3132 Server.exe 3228 Server.exe 3248 Server.exe 3320 Server.exe 3340 Server.exe 3548 Server.exe 3568 Server.exe 3672 Server.exe 3692 Server.exe 3756 Server.exe 3776 Server.exe 3820 Server.exe 3836 Server.exe 4012 Server.exe 4036 Server.exe -
Loads dropped DLL 24 IoCs
pid Process 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 3068 svchost.exe 3068 svchost.exe 3068 svchost.exe 3068 svchost.exe 3068 svchost.exe 3068 svchost.exe 3068 svchost.exe 3068 svchost.exe 3068 svchost.exe 3068 svchost.exe 3068 svchost.exe 3068 svchost.exe 3068 svchost.exe 3068 svchost.exe 3068 svchost.exe 3068 svchost.exe 3068 svchost.exe 3068 svchost.exe 3068 svchost.exe 3068 svchost.exe 3068 svchost.exe 3068 svchost.exe -
resource yara_rule behavioral1/memory/2720-5-0x0000000000C80000-0x0000000000C96000-memory.dmp upx behavioral1/memory/2720-6-0x0000000000C80000-0x0000000000C96000-memory.dmp upx behavioral1/memory/2720-4-0x0000000000C80000-0x0000000000C96000-memory.dmp upx behavioral1/memory/2720-2-0x0000000000C80000-0x0000000000C96000-memory.dmp upx behavioral1/memory/3068-15-0x0000000000C80000-0x0000000000C96000-memory.dmp upx behavioral1/memory/2720-20-0x0000000000C80000-0x0000000000C96000-memory.dmp upx behavioral1/memory/2908-56-0x0000000000220000-0x0000000000230000-memory.dmp upx -
Adds Run key to start application 2 TTPs 64 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\Server.exe" Server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\Server.exe" Server.exe -
Suspicious use of SetThreadContext 64 IoCs
description pid Process procid_target PID 2632 set thread context of 2720 2632 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 30 PID 2536 set thread context of 1560 2536 Server.exe 41 PID 1956 set thread context of 2088 1956 Server.exe 51 PID 2776 set thread context of 1108 2776 Server.exe 54 PID 2988 set thread context of 296 2988 Server.exe 64 PID 2908 set thread context of 668 2908 Server.exe 74 PID 3032 set thread context of 1968 3032 Server.exe 77 PID 1788 set thread context of 944 1788 Server.exe 92 PID 2368 set thread context of 1700 2368 Server.exe 95 PID 700 set thread context of 2996 700 Server.exe 112 PID 1220 set thread context of 2436 1220 Server.exe 115 PID 2632 set thread context of 1616 2632 Server.exe 118 PID 1008 set thread context of 2280 1008 Server.exe 140 PID 1412 set thread context of 1924 1412 Server.exe 144 PID 2296 set thread context of 1504 2296 Server.exe 147 PID 992 set thread context of 2368 992 Server.exe 169 PID 2952 set thread context of 348 2952 Server.exe 173 PID 1332 set thread context of 1220 1332 Server.exe 177 PID 1928 set thread context of 544 1928 Server.exe 198 PID 296 set thread context of 288 296 Server.exe 202 PID 1960 set thread context of 2628 1960 Server.exe 208 PID 2716 set thread context of 1720 2716 Server.exe 227 PID 2792 set thread context of 1220 2792 Server.exe 232 PID 2508 set thread context of 2744 2508 Server.exe 237 PID 556 set thread context of 2792 556 Server.exe 242 PID 3112 set thread context of 3132 3112 Server.exe 260 PID 3228 set thread context of 3248 3228 Server.exe 267 PID 3320 set thread context of 3340 3320 Server.exe 271 PID 3548 set thread context of 3568 3548 Server.exe 290 PID 3672 set thread context of 3692 3672 Server.exe 298 PID 3756 set thread context of 3776 3756 Server.exe 301 PID 3820 set thread context of 3836 3820 Server.exe 304 PID 4012 set thread context of 4036 4012 Server.exe 320 PID 1988 set thread context of 3092 1988 Server.exe 324 PID 3224 set thread context of 1468 3224 Server.exe 328 PID 3552 set thread context of 3592 3552 Server.exe 348 PID 1588 set thread context of 1612 1588 Server.exe 354 PID 3372 set thread context of 3784 3372 Server.exe 358 PID 3840 set thread context of 3088 3840 Server.exe 377 PID 2076 set thread context of 2872 2076 Server.exe 382 PID 3584 set thread context of 3276 3584 Server.exe 387 PID 1588 set thread context of 3764 1588 Server.exe 392 PID 3132 set thread context of 3568 3132 Server.exe 412 PID 1532 set thread context of 3148 1532 Server.exe 417 PID 2740 set thread context of 3180 2740 Server.exe 421 PID 2740 set thread context of 4064 2740 Server.exe 433 PID 4100 set thread context of 4120 4100 Server.exe 441 PID 4144 set thread context of 4160 4144 Server.exe 443 PID 4316 set thread context of 4336 4316 Server.exe 455 PID 4448 set thread context of 4468 4448 Server.exe 463 PID 4488 set thread context of 4504 4488 Server.exe 465 PID 4648 set thread context of 4668 4648 Server.exe 475 PID 4800 set thread context of 4820 4800 Server.exe 485 PID 4872 set thread context of 4888 4872 Server.exe 488 PID 5064 set thread context of 5084 5064 Server.exe 504 PID 4076 set thread context of 3660 4076 Server.exe 507 PID 4380 set thread context of 4184 4380 Server.exe 523 PID 4492 set thread context of 4536 4492 Server.exe 527 PID 4572 set thread context of 4528 4572 Server.exe 531 PID 4848 set thread context of 5048 4848 Server.exe 551 PID 4076 set thread context of 4240 4076 Server.exe 558 PID 4420 set thread context of 4064 4420 Server.exe 561 PID 4368 set thread context of 2768 4368 Server.exe 582 PID 4528 set thread context of 4496 4528 Server.exe 587 -
Drops file in Windows directory 64 IoCs
description ioc Process File opened for modification C:\Windows\InstallDir\Server.exe Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\Server.exe Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\Server.exe Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\Server.exe Server.exe File opened for modification C:\Windows\InstallDir\Server.exe Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\Server.exe Server.exe File opened for modification C:\Windows\InstallDir\ 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\Server.exe Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\Server.exe Server.exe File created C:\Windows\InstallDir\Server.exe 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\Server.exe Server.exe File opened for modification C:\Windows\InstallDir\Server.exe Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\Server.exe Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\Server.exe Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\Server.exe Server.exe File opened for modification C:\Windows\InstallDir\Server.exe Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\Server.exe Server.exe File opened for modification C:\Windows\InstallDir\Server.exe Server.exe File opened for modification C:\Windows\InstallDir\Server.exe Server.exe File opened for modification C:\Windows\InstallDir\Server.exe Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\Server.exe Server.exe File opened for modification C:\Windows\InstallDir\Server.exe Server.exe File opened for modification C:\Windows\InstallDir\Server.exe Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\Server.exe Server.exe File opened for modification C:\Windows\InstallDir\Server.exe Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe File opened for modification C:\Windows\InstallDir\Server.exe Server.exe File opened for modification C:\Windows\InstallDir\Server.exe Server.exe File opened for modification C:\Windows\InstallDir\Server.exe Server.exe File opened for modification C:\Windows\InstallDir\ Server.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of SetWindowsHookEx 64 IoCs
pid Process 2632 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 2536 Server.exe 1956 Server.exe 2776 Server.exe 2988 Server.exe 2908 Server.exe 3032 Server.exe 1788 Server.exe 2368 Server.exe 700 Server.exe 1220 Server.exe 2632 Server.exe 1008 Server.exe 1412 Server.exe 2296 Server.exe 992 Server.exe 2952 Server.exe 1332 Server.exe 1928 Server.exe 296 Server.exe 1960 Server.exe 2716 Server.exe 2792 Server.exe 2508 Server.exe 556 Server.exe 3112 Server.exe 3228 Server.exe 3320 Server.exe 3548 Server.exe 3672 Server.exe 3756 Server.exe 3820 Server.exe 4012 Server.exe 1988 Server.exe 3224 Server.exe 3552 Server.exe 1588 Server.exe 3372 Server.exe 3840 Server.exe 2076 Server.exe 3584 Server.exe 1588 Server.exe 3132 Server.exe 1532 Server.exe 2740 Server.exe 2740 Server.exe 4100 Server.exe 4144 Server.exe 4316 Server.exe 4448 Server.exe 4488 Server.exe 4648 Server.exe 4800 Server.exe 4872 Server.exe 5064 Server.exe 4076 Server.exe 4380 Server.exe 4492 Server.exe 4572 Server.exe 4848 Server.exe 4076 Server.exe 4420 Server.exe 4368 Server.exe 4528 Server.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2632 wrote to memory of 2720 2632 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 30 PID 2632 wrote to memory of 2720 2632 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 30 PID 2632 wrote to memory of 2720 2632 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 30 PID 2632 wrote to memory of 2720 2632 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 30 PID 2632 wrote to memory of 2720 2632 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 30 PID 2632 wrote to memory of 2720 2632 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 30 PID 2632 wrote to memory of 2720 2632 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 30 PID 2632 wrote to memory of 2720 2632 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 30 PID 2632 wrote to memory of 2720 2632 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 30 PID 2720 wrote to memory of 3068 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 31 PID 2720 wrote to memory of 3068 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 31 PID 2720 wrote to memory of 3068 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 31 PID 2720 wrote to memory of 3068 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 31 PID 2720 wrote to memory of 3068 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 31 PID 2720 wrote to memory of 2824 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 32 PID 2720 wrote to memory of 2824 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 32 PID 2720 wrote to memory of 2824 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 32 PID 2720 wrote to memory of 2824 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 32 PID 2720 wrote to memory of 2824 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 32 PID 2720 wrote to memory of 2784 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 33 PID 2720 wrote to memory of 2784 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 33 PID 2720 wrote to memory of 2784 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 33 PID 2720 wrote to memory of 2784 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 33 PID 2720 wrote to memory of 2784 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 33 PID 2720 wrote to memory of 2860 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 34 PID 2720 wrote to memory of 2860 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 34 PID 2720 wrote to memory of 2860 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 34 PID 2720 wrote to memory of 2860 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 34 PID 2720 wrote to memory of 2860 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 34 PID 2720 wrote to memory of 1232 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 35 PID 2720 wrote to memory of 1232 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 35 PID 2720 wrote to memory of 1232 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 35 PID 2720 wrote to memory of 1232 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 35 PID 2720 wrote to memory of 1232 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 35 PID 2720 wrote to memory of 2692 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 36 PID 2720 wrote to memory of 2692 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 36 PID 2720 wrote to memory of 2692 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 36 PID 2720 wrote to memory of 2692 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 36 PID 2720 wrote to memory of 2692 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 36 PID 2720 wrote to memory of 2700 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 37 PID 2720 wrote to memory of 2700 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 37 PID 2720 wrote to memory of 2700 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 37 PID 2720 wrote to memory of 2700 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 37 PID 2720 wrote to memory of 2700 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 37 PID 2720 wrote to memory of 2572 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 38 PID 2720 wrote to memory of 2572 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 38 PID 2720 wrote to memory of 2572 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 38 PID 2720 wrote to memory of 2572 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 38 PID 2720 wrote to memory of 2572 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 38 PID 2720 wrote to memory of 1900 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 39 PID 2720 wrote to memory of 1900 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 39 PID 2720 wrote to memory of 1900 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 39 PID 2720 wrote to memory of 1900 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 39 PID 2720 wrote to memory of 2536 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 40 PID 2720 wrote to memory of 2536 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 40 PID 2720 wrote to memory of 2536 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 40 PID 2720 wrote to memory of 2536 2720 5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe 40 PID 2536 wrote to memory of 1560 2536 Server.exe 41 PID 2536 wrote to memory of 1560 2536 Server.exe 41 PID 2536 wrote to memory of 1560 2536 Server.exe 41 PID 2536 wrote to memory of 1560 2536 Server.exe 41 PID 2536 wrote to memory of 1560 2536 Server.exe 41 PID 2536 wrote to memory of 1560 2536 Server.exe 41 PID 2536 wrote to memory of 1560 2536 Server.exe 41
Processes
-
C:\Users\Admin\AppData\Local\Temp\5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2632 -
C:\Users\Admin\AppData\Local\Temp\5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5c8117ec0c0a9912c70ded1a5bc3338e_JaffaCakes118.exe2⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2720 -
C:\Windows\SysWOW64\svchost.exesvchost.exe3⤵
- Boot or Logon Autostart Execution: Active Setup
- Loads dropped DLL
PID:3068 -
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2776 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵
- Executes dropped EXE
PID:1108 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1236
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2748
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2420
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:484
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:572
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:988
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:264
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2512
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2988 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe7⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:296 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:692
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1548
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2856
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1868
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1216
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2904
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1856
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2192
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2908 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe9⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
PID:668 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3040
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3056
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2180
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:1836
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2324
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:1012
-
-
-
-
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3032 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
PID:1968 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:848
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1552
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2348
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2084
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1284
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2476
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1792
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1440
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1788 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe7⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
PID:944 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1688
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1864
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1068
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1584
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1228
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1916
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1292
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2932
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:700 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe9⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
PID:2996 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:996
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2848
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2520
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2536
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2524
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2968
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2204
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:1560
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1008 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe11⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2280 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:2088
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:1784
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:1740
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:2408
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:2344
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:2108
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:408
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:1912
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"12⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:992 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe13⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
PID:2368 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:1460
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:1660
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:2632
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:2660
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:2396
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:2996
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:1976
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:1620
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"14⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1928 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe15⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:544 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:1908
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:992
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:1436
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:880
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:1424
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:1736
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:2288
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:2868
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"16⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2716 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe17⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
PID:1720 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:856
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:2944
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:2212
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:1020
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:1520
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:1492
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:2404
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:3080
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"18⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3112 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe19⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
PID:3132 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:3172
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:3204
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:3360
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:3404
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:3436
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:3464
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:3488
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:3516
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"20⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3548 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe21⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
PID:3568 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:3600
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:3628
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2368 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:1700 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1632
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:648
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2216
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2268
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2300
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3020
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2948
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2276
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1220 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe7⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2436 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2724
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2156
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2684
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2976
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2592
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1208
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2812
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2736
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1412 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe9⤵
- Executes dropped EXE
PID:1924 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2956
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2472
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2124
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:1940
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:1184
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:1536
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2496
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2000
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2952 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe11⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:348 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3000
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:1196
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:2896
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:2688
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:2112
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:2704
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:448
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:2928
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"12⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:296 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe13⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
PID:288 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:2424
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:2964
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:2900
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:1568
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:3004
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:2060
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:2116
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:2296
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"14⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2792 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe15⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
PID:1220 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:2952
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:2988
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2632 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
PID:1616 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2384
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2680
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2584
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2568
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2720
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2380
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2624
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2296 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵
- Executes dropped EXE
- Adds Run key to start application
PID:1504 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2908
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2240
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2400
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:772
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2392
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1760
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:900
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1332 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
PID:1220 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2200
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2800
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:592
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1956
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1008
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2676
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2960
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1244
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1960 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe7⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:2628 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2272
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1488
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1332
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1516
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2436
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2368
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:348
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2708
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2508 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe9⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:2744 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:1064
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:1924
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2508
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2328
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:1928
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:1880
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3152
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3196
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3228 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe11⤵
- Executes dropped EXE
- Adds Run key to start application
PID:3248 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3292
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3392
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3428
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3452
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3480
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3504
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3612
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3636
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"12⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3672 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe13⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
PID:3692 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:3744
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:3856
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:3892
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:3908
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:3928
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:3944
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:3964
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:3980
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"14⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4012 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe15⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:4036 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:4068
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:3124
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:3264
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:1716
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:3348
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:3380
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:920
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:3160
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"16⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3552 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe17⤵
- Boot or Logon Autostart Execution: Active Setup
PID:3592 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:3652
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:1540
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:3716
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:3824
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:3800
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:4004
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:4000
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:4012
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"18⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3840 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe19⤵
- Boot or Logon Autostart Execution: Active Setup
PID:3088 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:3236
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:2552
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:3712
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:556 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2792 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:340
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2616
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1640
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2480
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2488
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3104
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3184
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3268
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3320 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe7⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
PID:3340 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3384
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3412
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3444
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3472
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3496
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3540
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3620
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3664
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3756 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe9⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
PID:3776 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3812
-
-
-
-
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3820 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
PID:3836 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3880
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3900
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3916
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3936
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3952
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3972
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3988
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4080
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"6⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1988 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe7⤵
- Drops file in Windows directory
PID:3092 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3168
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3288
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3300
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3320
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3420
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3460
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3560
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3700
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1588 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe9⤵
- Adds Run key to start application
PID:1612 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3368
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3788
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3848
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3780
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4020
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3692
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4052
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3212
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2076 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe11⤵
- Adds Run key to start application
- Drops file in Windows directory
PID:2872 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3576
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3672
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3572
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3280
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3592
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:1988
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3740
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:1612
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"12⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3132 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe13⤵
- Boot or Logon Autostart Execution: Active Setup
- Drops file in Windows directory
PID:3568 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:3512
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:2744
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:2064
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:3764
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:2588
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:3276
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:1532
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:3336
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"14⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2740 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe15⤵
- Boot or Logon Autostart Execution: Active Setup
- Drops file in Windows directory
PID:4064 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:3580
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:3568
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:2740
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:4216
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:4232
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:4252
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:4268
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:4292
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"16⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4316 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe17⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
- Drops file in Windows directory
PID:4336 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:4384
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:4404
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:4428
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3224 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵
- Adds Run key to start application
- Drops file in Windows directory
PID:1468 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3256
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3312
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2792
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3356
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:936
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3536
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3248
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3372 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵
- Adds Run key to start application
- Drops file in Windows directory
PID:3784 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3644
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3872
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3888
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3696
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4032
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4092
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3224
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3524
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"6⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3584 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe7⤵
- Adds Run key to start application
- Drops file in Windows directory
PID:3276 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1544
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3808
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3096
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2136
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3164
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3240
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3024
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3140
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1532 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe9⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
- Drops file in Windows directory
PID:3148 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4036
-
-
-
-
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1588 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵
- Adds Run key to start application
- Drops file in Windows directory
PID:3764 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3372
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3960
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1596
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4088
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2612
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3260
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2740 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
PID:3180 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3768
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3092
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:332
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3340
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3688
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1364
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3708
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3148
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"6⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4100 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe7⤵
- Adds Run key to start application
- Drops file in Windows directory
PID:4120 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4196
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4224
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4244
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4260
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4284
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4356
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4396
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4412
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4448 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe9⤵
- Boot or Logon Autostart Execution: Active Setup
- Drops file in Windows directory
PID:4468 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4540
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4564
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4576
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4584
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4596
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4604
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4616
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4624
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4648 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe11⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
PID:4668 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4708
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4716
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4728
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4736
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4748
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4756
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4768
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4776
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"12⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4800 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe13⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
PID:4820 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:4860
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:4932
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:4948
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:4968
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:4984
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:5004
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:5020
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:5040
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"14⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:5064 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe15⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
- Drops file in Windows directory
PID:5084 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:5116
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:4104
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:4172
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:4204
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:4140
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:2076
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:2876
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:4328
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"16⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4380 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe17⤵
- Boot or Logon Autostart Execution: Active Setup
- Drops file in Windows directory
PID:4184 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:4120
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:4556
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:4648
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:4724
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:4692
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:4816
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:4852
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:4900
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"18⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4848 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe19⤵
- Boot or Logon Autostart Execution: Active Setup
- Drops file in Windows directory
PID:5048 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:5108
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:4116
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:4532
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:4340
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:4524
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:4812
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:4916
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:5072
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"20⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4368 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe21⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
PID:2768 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:4392
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:4136
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:5052
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:4464
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:4460
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:5128
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:5164
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:5196
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"22⤵PID:5236
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe23⤵
- Adds Run key to start application
- Drops file in Windows directory
PID:5256 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"24⤵PID:5304
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"24⤵PID:5352
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"24⤵PID:5512
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"24⤵PID:5596
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"24⤵PID:5632
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"24⤵PID:5664
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"24⤵PID:5700
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"24⤵PID:5732
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"24⤵PID:5764
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe25⤵
- Drops file in Windows directory
PID:5784 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"26⤵PID:5836
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"26⤵PID:5880
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"26⤵PID:6036
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"26⤵PID:4128
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"26⤵PID:5272
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"26⤵PID:5348
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"26⤵PID:5388
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"26⤵PID:5368
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"26⤵PID:5084
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe27⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
- Drops file in Windows directory
PID:5416 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"28⤵PID:5560
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"28⤵PID:5576
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"28⤵PID:5288
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"28⤵PID:5864
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"28⤵PID:5928
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"28⤵PID:5984
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"28⤵PID:5972
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"28⤵PID:6056
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"28⤵PID:6064
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe29⤵
- Adds Run key to start application
- Drops file in Windows directory
PID:4148 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"30⤵PID:6012
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"30⤵PID:5432
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"30⤵PID:5428
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"30⤵PID:5872
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"30⤵PID:5556
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"30⤵PID:5416
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"30⤵PID:6064
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"30⤵PID:5444
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"30⤵PID:6132
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe31⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
PID:5696 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"32⤵PID:5960
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"32⤵PID:5952
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"32⤵PID:5232
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"32⤵PID:4148
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"32⤵PID:5504
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"32⤵PID:6172
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"32⤵PID:6196
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"32⤵PID:6224
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"32⤵PID:6264
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe33⤵
- Adds Run key to start application
PID:6284 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"34⤵PID:6320
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"34⤵PID:6340
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4144 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵PID:4160
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4488 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵PID:4504
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4872 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵
- Boot or Logon Autostart Execution: Active Setup
PID:4888 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4920
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4940
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4960
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4976
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4996
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5012
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5032
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4076 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵
- Adds Run key to start application
PID:3660 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4156
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4188
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4208
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2428
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4324
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4304
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4344
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4452
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"6⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4492 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe7⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
PID:4536 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4508
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4680
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4764
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4784
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4800
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4880
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4992
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5028
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4076 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe9⤵
- Adds Run key to start application
PID:4240 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4456
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4488
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4656
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4468
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5056
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4184
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5076
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:1248
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4528 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe11⤵
- Adds Run key to start application
PID:4496 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5048
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5068
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4908
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4480
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5136
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5172
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5204
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5312
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"12⤵PID:5376
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe13⤵
- Boot or Logon Autostart Execution: Active Setup
- Drops file in Windows directory
PID:5396 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:5472
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:5520
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:5604
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:5640
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:5672
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:5708
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:5756
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:5848
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"14⤵PID:5912
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe15⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
- Drops file in Windows directory
PID:5932 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:6004
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:6072
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4572 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
PID:4528 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4664
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4700
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4796
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4696
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4832
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4876
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5080
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3656
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"6⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4420 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe7⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
PID:4064 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3660
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4552
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4572
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4512
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4440
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4824
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1588
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4280
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵PID:4908
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe9⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
- Drops file in Windows directory
PID:5084 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4144
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4076
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4820
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4152
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5156
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5188
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5280
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5332
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵PID:5416
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe11⤵
- Boot or Logon Autostart Execution: Active Setup
- Drops file in Windows directory
PID:5436 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5492
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5536
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5612
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5648
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5680
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5716
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5804
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5856
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"12⤵PID:5948
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe13⤵PID:5972
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵PID:4460
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
- Drops file in Windows directory
PID:4348 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4500
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4180
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4124
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5144
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5180
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5212
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5320
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵PID:5528
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
- Drops file in Windows directory
PID:5552 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5584
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5620
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5656
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5688
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5724
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5820
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5888
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:6028
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"6⤵PID:6064
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe7⤵
- Boot or Logon Autostart Execution: Active Setup
- Drops file in Windows directory
PID:6092 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:6124
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5264
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5344
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4484
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5380
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5452
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5544
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1296
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵PID:5740
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe9⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
- Drops file in Windows directory
PID:5780 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5920
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5480
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5964
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5996
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:6024
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:6084
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5936
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4352
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵PID:5084
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe11⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
- Drops file in Windows directory
PID:4348 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5748
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5908
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5448
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5244
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5252
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5408
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4164
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5256
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"12⤵PID:5800
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe13⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
PID:6060 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:4472
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:5800
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵PID:6136
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵
- Adds Run key to start application
- Drops file in Windows directory
PID:5228 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5240
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5384
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5328
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5404
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5364
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5532
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5508
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵PID:5460
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵
- Adds Run key to start application
PID:5960 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5912
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5948
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5976
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5592
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:6100
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5300
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5424
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5776
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"6⤵PID:2768
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe7⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
- Drops file in Windows directory
PID:5944 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4132
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:6048
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:6136
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5484
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5276
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5396
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:6116
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5752
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵PID:5292
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe9⤵
- Boot or Logon Autostart Execution: Active Setup
- Drops file in Windows directory
PID:1392 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5944
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:6160
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:6188
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:6212
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:6256
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:6328
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:6348
-
-
-
-
-
-
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵PID:4348
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵
- Drops file in Windows directory
PID:5436 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:6152
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:6180
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:6204
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:6232
-
-
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2824
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2784
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2860
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:1232
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2692
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2700
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2572
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:1900
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2536 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe4⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:1560 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1944
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2984
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1444
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:964
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2336
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1100
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2564
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1796
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1956 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe6⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
PID:2088 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2184
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5810fff9bd8c9603ca4c945b70ce267ad
SHA13fdab44b79e5a71911c46497b9859e75a7930ffc
SHA2568ded8fe17febe7e6ef7e7e4e28b3a643231b04220a9eeb6c911714c777ffc993
SHA5123cab3383a607471b3178765202d611f4aaf3f024ac15bcaeaa0deb44744c5e5eb44e37f63a97056a543c05fd3fb496cf44be43bb03ce0cc83aa26bbb8181f12b
-
Filesize
732KB
MD55c8117ec0c0a9912c70ded1a5bc3338e
SHA1c2c4692df86c214941bdfb64c2a92551bee354d0
SHA256ee73b4923d5ab791403fde414e23008745c0529416cde801d3b27431210ed32e
SHA512404359f564b877a4d86f189fbb9717a9b0aca666c58aea06df72fbc26919b114f3fc70705ffeffd6d84703df2bf2ebf7cf8a0fe5066f8dafd69e77d9017ed85c