Analysis
max time kernel: 150s
max time network: 118s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 19-07-2024 20:08

Behavioral task: behavioral1
Sample: 5d7c90150d55fc541445ac38f4f48797_JaffaCakes118.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: 5d7c90150d55fc541445ac38f4f48797_JaffaCakes118.exe
Resource: win10v2004-20240709-en

General
Target: 5d7c90150d55fc541445ac38f4f48797_JaffaCakes118.exe
Size: 105KB
MD5: 5d7c90150d55fc541445ac38f4f48797
SHA1: 2026786485f9f1fae9ea6d207a020bbcb42ded99
SHA256: 9a97a8175ef85ce58ae684ccb40a0c9c85f178dcc78db85bd5e3a3a81ebe69d0
SHA512: 0bc03b4049ef18bc1f5d36adfd77f4ed915b1be61a65021f0a3c5272fab2664c9aa5846121870fe47b5fbb46c0d62e82a7e5d65ca14d3082242853921dc1201a
SSDEEP: 3072:6DIlukjFC6efJ387WW8Iwk+fraSvqZfYE:6Ce6e1QWW8WoOZZw
Malware Config
Signatures
-
Detect XtremeRAT payload 8 IoCs
XtremeRAT
XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 64 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Executes dropped EXE 64 IoCs
Loads dropped DLL 30 IoCs
Adds Run key to start application 2 TTPs 64 IoCs
Suspicious use of SetThreadContext 64 IoCs
Drops file in Windows directory 2 IoCs
description | ioc | Process
File opened for modification | C:\Windows\InstallDir\Server.exe | 5d7c90150d55fc541445ac38f4f48797_JaffaCakes118.exe
File created | C:\Windows\InstallDir\Server.exe | 5d7c90150d55fc541445ac38f4f48797_JaffaCakes118.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5d7c90150d55fc541445ac38f4f48797_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5d7c90150d55fc541445ac38f4f48797_JaffaCakes118.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2476 -
C:\Users\Admin\AppData\Local\Temp\5d7c90150d55fc541445ac38f4f48797_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5d7c90150d55fc541445ac38f4f48797_JaffaCakes118.exe2⤵
- Boot or Logon Autostart Execution: Active Setup
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2312 -
C:\Windows\SysWOW64\svchost.exesvchost.exe3⤵
- Boot or Logon Autostart Execution: Active Setup
- Loads dropped DLL
PID:1764 -
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2344 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵
- Executes dropped EXE
PID:1416 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1704
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2904
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3068
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2636
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1232
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1892
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2928
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1936
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2120 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe7⤵
- Executes dropped EXE
PID:3064 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:632
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1368
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2072
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:348
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:580
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:948
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1516
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:900
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:788 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe9⤵
- Executes dropped EXE
PID:2460 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2800
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:1664
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:332
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2476
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3052
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:868
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:1884
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:1296
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2768 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe11⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2588 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:1648
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:2744
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:1152
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:1056
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:2112
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:1428
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:2180
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:756
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"12⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1252 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe13⤵
- Executes dropped EXE
PID:2312 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:2568
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:1968
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:2772
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:2640
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:2940
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:2100
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:2684
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:1548
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"14⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3028 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe15⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:2764 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:3076
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:3232
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:3428
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:3556
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:3612
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:3664
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:3712
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:3824
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"16⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3852 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe17⤵
- Executes dropped EXE
PID:3872 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:3924
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:4016
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:3200
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:3520
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:3740
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:3864
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:3220
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:3132
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"18⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3112 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe19⤵
- Adds Run key to start application
PID:3500 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:4004
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:2828
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:4044
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:4200
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:4304
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:4368
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:4460
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:4564
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"20⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4584 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe21⤵
- Boot or Logon Autostart Execution: Active Setup
PID:4612 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:4668
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:4800
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:5000
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:4224
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:4712
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:4836
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:4980
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:4252
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"22⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4040 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe23⤵PID:3308
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"24⤵PID:4592
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"24⤵PID:4724
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"24⤵PID:5152
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"24⤵PID:5352
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"24⤵PID:5540
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"24⤵PID:5680
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"24⤵PID:5760
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"24⤵PID:5908
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"24⤵PID:5928
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe25⤵
- Boot or Logon Autostart Execution: Active Setup
PID:5952 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"26⤵PID:6016
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"26⤵PID:5032
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"26⤵PID:5460
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"26⤵PID:6088
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"26⤵PID:5396
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"26⤵PID:5184
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"26⤵PID:1504
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"26⤵PID:6168
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"26⤵PID:6188
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe27⤵PID:6212
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"28⤵PID:6272
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"28⤵PID:6416
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"28⤵PID:6568
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"28⤵PID:6748
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"28⤵PID:6984
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"28⤵PID:6024
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"28⤵PID:6500
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"28⤵PID:6096
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"28⤵PID:6772
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe29⤵
- Boot or Logon Autostart Execution: Active Setup
PID:2512 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"30⤵PID:6936
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"30⤵PID:6200
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"30⤵PID:6848
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"30⤵PID:6348
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"30⤵PID:7264
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"30⤵PID:7468
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"30⤵PID:7680
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"30⤵PID:7852
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"30⤵PID:7888
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe31⤵PID:7936
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"32⤵PID:7976
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"32⤵PID:8148
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"32⤵PID:6196
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"32⤵PID:7784
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"32⤵PID:7412
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"32⤵PID:8004
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1536 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
PID:2124 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2152
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2096
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:912
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:668
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1852
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1312
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:324
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1016
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:700 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe7⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2336 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:380
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2228
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2648
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1488
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2304
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1336
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2948
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1644
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1124 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe9⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
PID:1772 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2632
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2376
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2752
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2076
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2248
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2380
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:888
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2736
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2640 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe11⤵
- Executes dropped EXE
- Adds Run key to start application
PID:1732 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:2204
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:2176
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:1772
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:996
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:2572
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:1228
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:1208
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3084
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"12⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3104 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe13⤵
- Executes dropped EXE
PID:3124 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:3176
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:3332
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:3524
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:3584
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1552 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵
- Executes dropped EXE
PID:2232 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2492
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2212
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1464
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2288
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:352
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2872
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2680
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1708
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2828 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe7⤵
- Executes dropped EXE
PID:2940 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1448
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1964
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:944
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1688
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1272
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3048
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2792
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:536
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2572 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe9⤵
- Executes dropped EXE
PID:2828 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2404
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2612
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:1124
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:1876
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:1828
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2584
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2244
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3184
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3196 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe11⤵
- Executes dropped EXE
PID:3220 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3272
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3468
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3572
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3628
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3680
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3748
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3844
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3948
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"12⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3960 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe13⤵
- Executes dropped EXE
PID:3976 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:4052
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:3268
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:3156
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:3764
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:3880
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:3972
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:3136
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:3404
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"14⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3484 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe15⤵
- Boot or Logon Autostart Execution: Active Setup
PID:3776 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:3876
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:2372
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:4184
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:4296
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:4360
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:4440
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:4556
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:4692
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"16⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4704 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe17⤵PID:4720
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:4792
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:4992
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:4196
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:3904
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:4820
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:4896
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:3364
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:4932
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"18⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4920 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe19⤵PID:4656
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:3500
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:4956
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:5320
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:5524
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:5664
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:5744
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:5892
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:6036
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"20⤵PID:6064
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe21⤵PID:6080
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:5048
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:5468
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:6072
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:5792
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:5328
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:5344
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:6152
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:6300
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"22⤵PID:6328
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe23⤵
- Adds Run key to start application
PID:6344 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"24⤵PID:6424
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"24⤵PID:6576
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"24⤵PID:6756
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"24⤵PID:6992
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"24⤵PID:6184
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"24⤵PID:6448
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"24⤵PID:6764
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"24⤵PID:5400
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"24⤵PID:7052
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe25⤵
- Boot or Logon Autostart Execution: Active Setup
PID:6836 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"26⤵PID:6228
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"26⤵PID:5788
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"26⤵PID:6804
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"26⤵PID:7280
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"26⤵PID:7484
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"26⤵PID:7712
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"26⤵PID:7868
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"26⤵PID:8024
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"26⤵PID:8052
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe27⤵PID:8068
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"28⤵PID:8132
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"28⤵PID:7356
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"28⤵PID:7720
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"28⤵PID:7364
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"28⤵PID:1204
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1228 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵
- Executes dropped EXE
PID:2220 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2332
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:284
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1860
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:604
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2044
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1620
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2576
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2580
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2084 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe7⤵
- Executes dropped EXE
PID:2328 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2412
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2544
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1300
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2836
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2084
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2820
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3092
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3248
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3284 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe9⤵
- Executes dropped EXE
PID:3304 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3356
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3540
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3596
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3648
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3696
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3816
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3932
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4024
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4064 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe11⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
PID:4080 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3100
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:2692
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3124
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3772
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3888
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:1988
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3288
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4060
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"12⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3168 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe13⤵
- Boot or Logon Autostart Execution: Active Setup
PID:3476 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:3484
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:4100
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:4264
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:4328
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:4396
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:4532
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:4644
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:4768
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"14⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4812 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe15⤵PID:4828
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:4884
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:5080
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:4480
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:4752
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:4848
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:4120
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:4580
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:4040
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"16⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4720 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe17⤵PID:4908
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:4720
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:5244
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:5444
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:5640
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:5720
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:5876
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:5996
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:5172
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"18⤵PID:5164
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe19⤵
- Adds Run key to start application
PID:4240 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:4436
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:5812
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:4588
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:1524
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:5408
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:5484
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:6284
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:6432
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"20⤵PID:6448
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe21⤵PID:6484
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:6524
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:6676
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:6928
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:7104
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:4240
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:6728
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:4832
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:5308
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"22⤵PID:5148
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe23⤵PID:6620
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"24⤵PID:2308
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"24⤵PID:3140
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"24⤵PID:7200
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"24⤵PID:7396
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"24⤵PID:7616
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"24⤵PID:7836
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"24⤵PID:7988
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"24⤵PID:8156
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"24⤵PID:8176
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe25⤵
- Adds Run key to start application
PID:6948 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"26⤵PID:7080
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"26⤵PID:7560
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"26⤵PID:2496
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"26⤵PID:6864
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"26⤵PID:7764
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1548 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵
- Executes dropped EXE
PID:2264 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3004
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1956
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2912
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1532
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1600
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2344
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3144
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3312
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"6⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3364 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe7⤵
- Executes dropped EXE
PID:3392 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3444
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3564
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3620
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3672
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3720
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3832
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3940
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2600
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3112 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe9⤵PID:3104
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3208
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3488
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2776
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2764
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3956
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3396
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2716
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4032
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4044 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe11⤵PID:3204
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:3456
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4144
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4280
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4344
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4412
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4540
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4676
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4852
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"12⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4896 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe13⤵
- Adds Run key to start application
PID:4912 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:4984
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:4112
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:3872
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:3780
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:4084
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:3480
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:4488
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:4868
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"14⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4612 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe15⤵PID:4912
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:5140
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:5336
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:5532
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:5672
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:5752
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:5900
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:6044
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:5264
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"16⤵PID:5332
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe17⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
PID:5312 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:5512
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:6064
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:4492
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3452 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵
- Executes dropped EXE
PID:3476 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3532
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3580
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3640
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3688
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3808
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3908
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4008
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3244
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"6⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1672 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe7⤵
- Adds Run key to start application
PID:3296 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1564
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3152
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3732
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3856
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4064
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:2328
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3960
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3784
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3756 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe9⤵PID:2628
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3104
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4256
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4320
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4388
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4524
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4628
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4760
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4960
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:5012 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe11⤵
- Boot or Logon Autostart Execution: Active Setup
PID:5028 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5064
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4432
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4744
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4844
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4152
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4944
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4220
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4972
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"12⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:5164 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe13⤵
- Adds Run key to start application
PID:5180 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:5228
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:5436
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:5604
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:5704
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:5832
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:5972
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:6112
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:5416
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"14⤵PID:5568
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe15⤵PID:5624
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:5796
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:4968
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:6076
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:5936
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:5848
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:6236
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:6372
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:6544
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"16⤵PID:6588
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe17⤵
- Adds Run key to start application
PID:6604 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:6648
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:6876
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:7060
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:6356
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:6700
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:6892
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:7140
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:6828
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"18⤵PID:6396
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe19⤵PID:7092
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:6488
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:7088
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:7332
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:7564
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:7812
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:7920
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:8104
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:7036
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"20⤵PID:7388
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe21⤵PID:7428
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:7536
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:8052
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:7636
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2716 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵PID:3364
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3452
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2888
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2312
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3260
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3424
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3380
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3324
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3300
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"6⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2720 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe7⤵PID:4116
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4168
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4288
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4352
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4420
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4548
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4684
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4860
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5072
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:5092 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe9⤵
- Boot or Logon Autostart Execution: Active Setup
PID:3172 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4164
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3964
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:3284
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4924
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5096
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4904
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4616
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5236
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:5256 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe11⤵PID:5288
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5384
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5556
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5688
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5780
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5916
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:6052
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5260
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5776
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"12⤵PID:4428
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe13⤵PID:5928
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:5192
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:5288
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:5060
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:3172
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:6176
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:6316
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:6504
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:6668
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"14⤵PID:6688
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe15⤵
- Adds Run key to start application
PID:6712 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:6816
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:7000
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:6264
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:6600
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:6800
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:7016
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:6136
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:5624
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"16⤵PID:2980
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe17⤵
- Boot or Logon Autostart Execution: Active Setup
PID:6608 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:2464
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:7300
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:7528
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:7768
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:7896
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:8040
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:7244
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:7524
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"18⤵PID:7636
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe19⤵PID:7696
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:7888
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:7456
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"20⤵PID:6280
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4176 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵PID:4208
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4244
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4312
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4380
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4512
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4604
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4736
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4948
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5116
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"6⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2720 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe7⤵
- Adds Run key to start application
PID:4232 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4456
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4708
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4816
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5020
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4212
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5036
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:3352
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5272
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:5312 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe9⤵
- Adds Run key to start application
PID:5344 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5420
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5596
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5696
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5824
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5944
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:6104
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5364
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5856
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵PID:4448
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe11⤵PID:6096
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5296
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:4776
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5620
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5312
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:6204
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:6364
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:6536
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:6704
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"12⤵PID:6768
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe13⤵PID:6784
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:6852
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:7024
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:5212
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:6640
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:936
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:2208
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:6260
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:6588
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"14⤵PID:6080
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe15⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
PID:6864 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:6788
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:7340
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:7572
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:7804
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:7928
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:8096
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:7320
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:7660
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"16⤵PID:7724
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe17⤵PID:7632
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:5412
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:6608
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"18⤵PID:8048
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4492 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵PID:3376
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4660
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:2420
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3976
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5100
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4508
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:1672
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5204
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5428
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"6⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:5456 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe7⤵PID:5472
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5516
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5656
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5736
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5884
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:6028
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5224
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5012
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5128
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵PID:5316
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe9⤵
- Adds Run key to start application
PID:5508 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:4156
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:5360
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:6012
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:1436
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:6292
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:6460
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:6628
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:6868
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵PID:6896
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe11⤵PID:6912
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:6960
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:7160
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:6468
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5164
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:7008
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:5584
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:6532
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:984
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"12⤵PID:7180
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe13⤵PID:7208
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:7252
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:7460
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:7672
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:7844
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:8008
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:6968
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:6360
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:8076
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"14⤵PID:1204
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe15⤵PID:8184
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:1840
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:7192
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:5548 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵PID:5572
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5632
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5712
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5840
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5988
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:6120
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:3376
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5960
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5180
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"6⤵PID:6008
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe7⤵PID:5400
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:4908
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5572
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:1472
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:6252
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:6388
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:6560
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:6740
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:6976
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵PID:7012
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe9⤵PID:7036
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:7096
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:6444
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:6724
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:6956
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:6340
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:6896
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:6716
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:7292
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵PID:7312
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe11⤵PID:7348
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:7404
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:7624
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:7828
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:7996
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:8164
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:7132
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:6920
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:7388
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"12⤵PID:7048
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe13⤵PID:6592
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:2512
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"14⤵PID:7048
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵PID:3172
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵
- Boot or Logon Autostart Execution: Active Setup
PID:1880 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:5316
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4828
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:6160
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:6308
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:6476
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:6660
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:6884
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:7068
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"6⤵PID:7116
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe7⤵PID:7132
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:6224
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:6520
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:6776
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:7032
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:5168
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:6484
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:6080
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:7368
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵PID:7416
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe9⤵
- Adds Run key to start application
PID:7432 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:7504
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:7732
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:7876
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:8032
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:7220
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:7552
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:8084
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:7728
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵PID:7904
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe11⤵
- Boot or Logon Autostart Execution: Active Setup
PID:7240 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"12⤵PID:6604
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵PID:6188
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵PID:6324
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:4232
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:6692
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:6904
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:7116
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:6844
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:7056
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:7272
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:7476
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"6⤵PID:7520
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe7⤵PID:7544
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:7600
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:7820
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:7956
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:8140
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:7312
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:7744
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:7092
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵PID:8180
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵PID:7048
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe9⤵
- Adds Run key to start application
PID:7512 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:7352
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵PID:7608
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe5⤵PID:7644
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:7700
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:7860
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:8016
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:6916
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:7516
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:8064
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:7608
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵PID:6620
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"6⤵PID:7580
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe7⤵PID:7436
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:1972
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2480
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2448
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:1868
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:976
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2168
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2676
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:2712
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2764 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe4⤵
- Executes dropped EXE
PID:3004 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2880
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2868
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2892
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2952
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2760
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2956
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2864
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:2732
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2616 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe6⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2572 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2644
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2280
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2668
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2812
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:1780
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2808
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2944
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2556
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"7⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2796 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe8⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2752 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:1984
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:1420
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:2536
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:2352
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:448
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:2036
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:828
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵PID:1176
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"9⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:928 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe10⤵
- Executes dropped EXE
PID:1564 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:760
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:1432
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:2436
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:588
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:2360
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:1608
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:2292
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵PID:2976
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"11⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2372 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe12⤵
- Executes dropped EXE
PID:2720 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:2988
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:2848
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:2908
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:692
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:2216
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:660
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:788
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:2148
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"13⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2456 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe14⤵
- Executes dropped EXE
PID:1396 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵PID:980
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵PID:1992
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵PID:2932
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵PID:2788
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵PID:2336
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵PID:2260
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵PID:2108
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵PID:2728
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"15⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:236 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe16⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
PID:2844 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"17⤵PID:528
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"17⤵PID:2192
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"17⤵PID:3212
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"17⤵PID:3412
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"17⤵PID:3548
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"17⤵PID:3604
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"17⤵PID:3656
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"17⤵PID:3704
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"17⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3732 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe18⤵
- Executes dropped EXE
- Adds Run key to start application
PID:3756 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵PID:3796
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵PID:3892
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵PID:3996
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵PID:1932
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵PID:3464
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵PID:1344
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵PID:3788
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵PID:3920
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"19⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3960 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe20⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
PID:4048 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"21⤵PID:4092
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"21⤵PID:3504
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"21⤵PID:3388
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"21⤵PID:3112
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"21⤵PID:4136
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"21⤵PID:4272
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"21⤵PID:4336
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"21⤵PID:4404
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"21⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4432 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe22⤵PID:4468
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"23⤵PID:4500
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"23⤵PID:4572
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"23⤵PID:4728
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"23⤵PID:4936
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"23⤵PID:5108
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"23⤵PID:4600
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"23⤵PID:4784
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"23⤵PID:4880
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"23⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4908 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe24⤵
- Adds Run key to start application
PID:1732 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵PID:5044
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵PID:4132
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵PID:4072
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵PID:5024
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵PID:5280
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵PID:5492
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵PID:5648
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵PID:5728
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"25⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:5772 -
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe26⤵
- Adds Run key to start application
PID:5800 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"27⤵PID:5860
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"27⤵PID:5980
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"27⤵PID:6128
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"27⤵PID:5452
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"27⤵PID:5964
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"27⤵PID:5588
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"27⤵PID:5504
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"27⤵PID:5820
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"27⤵PID:1492
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe28⤵
- Adds Run key to start application
PID:5380 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"29⤵PID:1520
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"29⤵PID:6244
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"29⤵PID:6380
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"29⤵PID:6552
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"29⤵PID:6732
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"29⤵PID:6940
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"29⤵PID:7152
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"29⤵PID:6492
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"29⤵PID:6584
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe30⤵PID:6616
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵PID:5968
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵PID:5568
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵PID:7128
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵PID:6812
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵PID:6636
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵PID:7232
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵PID:7444
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵PID:7664
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"31⤵PID:7724
-
C:\Windows\InstallDir\Server.exeC:\Windows\InstallDir\Server.exe32⤵PID:7748
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"33⤵PID:7792
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"33⤵PID:7912
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"33⤵PID:8088
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"33⤵PID:7308
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"33⤵PID:7652
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"33⤵PID:8176
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"33⤵PID:7208
-
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
1KB
-
Filesize
105KB