9e4ef8952b6627b7b869feca6fe4cc5dddf9d5cf064724d6b8f2bd328d5324be

Analysis

max time kernel
148s
max time network
147s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
14/08/2024, 10:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

95b6aee2ae326e6b9e44f488ead509ac_JaffaCakes118.exe
Size

67KB
MD5

95b6aee2ae326e6b9e44f488ead509ac
SHA1

1cd1989ffcc2483d308bf1b40456ef2e00061b09
SHA256

9e4ef8952b6627b7b869feca6fe4cc5dddf9d5cf064724d6b8f2bd328d5324be
SHA512

5e206ec1b0cae838b04a5f4d747ba8c615f02a933182d105293d167c2f6bfa9a4df99682f5c05f97ff47b24f17da7cef6bf17d56f62ff3528befd729693e59d1
SSDEEP

1536:NrpRA997SzHmcAnUNcYo92zlzD1YX+P/uWKmqEx5P/II:Nr7ANnUtfzlf17/uW7qF

Score

8^/10

discovery upx

Malware Config

Signatures

Drops file in Drivers directory 50 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File opened for modification	C:\Windows\SysWOW64\drivers\expllorer.exe	95b6aee2ae326e6b9e44f488ead509ac_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	95b6aee2ae326e6b9e44f488ead509ac_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe
File created	C:\Windows\SysWOW64\drivers\expllorer.exe	expllorer.exe

Executes dropped EXE 49 IoCs

pid	Process
2060	expllorer.exe
2648	expllorer.exe
1252	expllorer.exe
2268	expllorer.exe
2684	expllorer.exe
2800	expllorer.exe
2584	expllorer.exe
2128	expllorer.exe
2764	expllorer.exe
1700	expllorer.exe
3024	expllorer.exe
1956	expllorer.exe
1172	expllorer.exe
908	expllorer.exe
2128	expllorer.exe
2516	expllorer.exe
1556	expllorer.exe
896	expllorer.exe
2140	expllorer.exe
1976	expllorer.exe
1556	expllorer.exe
1564	expllorer.exe
584	expllorer.exe
1628	expllorer.exe
2428	expllorer.exe
984	expllorer.exe
2700	expllorer.exe
2476	expllorer.exe
2116	expllorer.exe
2700	expllorer.exe
2044	expllorer.exe
3212	expllorer.exe
3312	expllorer.exe
3444	expllorer.exe
3548	expllorer.exe
3708	expllorer.exe
3840	expllorer.exe
4016	expllorer.exe
3088	expllorer.exe
2776	expllorer.exe
3372	expllorer.exe
3528	expllorer.exe
3696	expllorer.exe
3708	expllorer.exe
4036	expllorer.exe
3252	expllorer.exe
3292	expllorer.exe
3508	expllorer.exe
3548	expllorer.exe

Loads dropped DLL 64 IoCs

pid	Process
1384	95b6aee2ae326e6b9e44f488ead509ac_JaffaCakes118.exe
1384	95b6aee2ae326e6b9e44f488ead509ac_JaffaCakes118.exe
2060	expllorer.exe
2060	expllorer.exe
2648	expllorer.exe
2648	expllorer.exe
1252	expllorer.exe
1252	expllorer.exe
2268	expllorer.exe
2268	expllorer.exe
2684	expllorer.exe
2684	expllorer.exe
2800	expllorer.exe
2800	expllorer.exe
2584	expllorer.exe
2584	expllorer.exe
2128	expllorer.exe
2128	expllorer.exe
2764	expllorer.exe
2764	expllorer.exe
1700	expllorer.exe
1700	expllorer.exe
3024	expllorer.exe
3024	expllorer.exe
1956	expllorer.exe
1956	expllorer.exe
1172	expllorer.exe
1172	expllorer.exe
908	expllorer.exe
908	expllorer.exe
2128	expllorer.exe
2128	expllorer.exe
2516	expllorer.exe
2516	expllorer.exe
1556	expllorer.exe
1556	expllorer.exe
896	expllorer.exe
896	expllorer.exe
2140	expllorer.exe
2140	expllorer.exe
1976	expllorer.exe
1976	expllorer.exe
1556	expllorer.exe
1556	expllorer.exe
1564	expllorer.exe
1564	expllorer.exe
584	expllorer.exe
584	expllorer.exe
1628	expllorer.exe
1628	expllorer.exe
2428	expllorer.exe
2428	expllorer.exe
984	expllorer.exe
984	expllorer.exe
2700	expllorer.exe
2700	expllorer.exe
2476	expllorer.exe
2476	expllorer.exe
2116	expllorer.exe
2116	expllorer.exe
2700	expllorer.exe
2700	expllorer.exe
2044	expllorer.exe
2044	expllorer.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1384-0-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/files/0x0009000000018710-2.dat	upx
behavioral1/memory/1384-4-0x0000000000220000-0x000000000024E000-memory.dmp	upx
behavioral1/memory/1384-12-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2648-23-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2060-25-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1252-35-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2648-37-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2268-186-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1252-188-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2684-223-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2268-224-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2684-236-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2800-234-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2800-247-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2584-246-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2128-518-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2584-520-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2128-531-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1700-541-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2764-542-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/3024-551-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1700-553-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1956-563-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/3024-564-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1172-573-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1956-574-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1172-585-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/908-596-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2128-606-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1556-616-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2516-618-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1556-626-0x0000000000220000-0x000000000024E000-memory.dmp	upx
behavioral1/memory/896-628-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1556-629-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2140-639-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/896-641-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1976-651-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2140-653-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1556-663-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1564-671-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1556-673-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/584-1031-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1564-1042-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1628-1121-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/584-1122-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2428-1129-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1628-1131-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/984-1137-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2428-1138-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2700-1144-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/984-1145-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2476-1150-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2700-1152-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2116-1159-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2476-1161-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2700-1167-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2116-1169-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2700-1177-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2044-1184-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/3212-1191-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/3708-1221-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/4016-1235-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/3372-1257-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Drops file in Windows directory 50 IoCs

description	ioc	Process
File created	C:\Windows\8142024103027.exe	expllorer.exe
File created	C:\Windows\8142024103143.exe	expllorer.exe
File created	C:\Windows\8142024102951.exe	expllorer.exe
File created	C:\Windows\8142024103110.exe	expllorer.exe
File created	C:\Windows\8142024103003.exe	expllorer.exe
File created	C:\Windows\8142024103149.exe	expllorer.exe
File created	C:\Windows\8142024103204.exe	expllorer.exe
File created	C:\Windows\8142024103021.exe	expllorer.exe
File created	C:\Windows\8142024103116.exe	expllorer.exe
File created	C:\Windows\8142024103134.exe	expllorer.exe
File created	C:\Windows\8142024103030.exe	expllorer.exe
File created	C:\Windows\8142024102942.exe	expllorer.exe
File created	C:\Windows\8142024103000.exe	expllorer.exe
File created	C:\Windows\8142024103006.exe	expllorer.exe
File created	C:\Windows\8142024103042.exe	expllorer.exe
File created	C:\Windows\8142024103128.exe	expllorer.exe
File created	C:\Windows\8142024103155.exe	expllorer.exe
File created	C:\Windows\8142024103033.exe	expllorer.exe
File created	C:\Windows\8142024103103.exe	expllorer.exe
File created	C:\Windows\8142024103113.exe	expllorer.exe
File created	C:\Windows\8142024103146.exe	expllorer.exe
File created	C:\Windows\8142024103045.exe	expllorer.exe
File created	C:\Windows\8142024103100.exe	expllorer.exe
File created	C:\Windows\8142024103106.exe	expllorer.exe
File created	C:\Windows\8142024103152.exe	expllorer.exe
File created	C:\Windows\8142024102939.exe	expllorer.exe
File created	C:\Windows\8142024103140.exe	expllorer.exe
File created	C:\Windows\8142024103158.exe	expllorer.exe
File created	C:\Windows\8142024103048.exe	expllorer.exe
File created	C:\Windows\8142024103009.exe	expllorer.exe
File created	C:\Windows\8142024103036.exe	expllorer.exe
File created	C:\Windows\8142024103051.exe	expllorer.exe
File created	C:\Windows\8142024103125.exe	expllorer.exe
File created	C:\Windows\8142024103131.exe	expllorer.exe
File created	C:\Windows\8142024103012.exe	expllorer.exe
File created	C:\Windows\8142024103018.exe	expllorer.exe
File created	C:\Windows\8142024103024.exe	expllorer.exe
File created	C:\Windows\8142024102948.exe	expllorer.exe
File created	C:\Windows\8142024102954.exe	expllorer.exe
File created	C:\Windows\8142024103201.exe	expllorer.exe
File created	C:\Windows\8142024102936.exe	95b6aee2ae326e6b9e44f488ead509ac_JaffaCakes118.exe
File created	C:\Windows\8142024102945.exe	expllorer.exe
File created	C:\Windows\8142024103015.exe	expllorer.exe
File created	C:\Windows\8142024103039.exe	expllorer.exe
File created	C:\Windows\8142024103119.exe	expllorer.exe
File created	C:\Windows\8142024103054.exe	expllorer.exe
File created	C:\Windows\8142024103137.exe	expllorer.exe
File created	C:\Windows\8142024102957.exe	expllorer.exe
File created	C:\Windows\8142024103057.exe	expllorer.exe
File created	C:\Windows\8142024103122.exe	expllorer.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	expllorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	expllorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	expllorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	expllorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	expllorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	expllorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	expllorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	expllorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	expllorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	expllorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	expllorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	expllorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	expllorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	expllorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	expllorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	expllorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	expllorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	expllorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	expllorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	expllorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	95b6aee2ae326e6b9e44f488ead509ac_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	expllorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	expllorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	expllorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	expllorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	expllorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	expllorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 57 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb9000000000200000000001066000000010000200000002400b2c795c183fea4b064799ce478fb9f0f74037b2fd6b8e48cb094e8ee84eb000000000e8000000002000020000000ccfdc739a3d2e532dec5ca7bf66ac5305d8f8b737d46ce7a10ba732d6d03d5a3900000004b6aa1639db25d6619d0971b5009ab6f28a1db4d0092b9e954054467d9ed067b7f977b93cb952358f42ad5b7e574b33b3e0b909f40f4a7a3622aabb92ac579ef59bd46491e07288166fb0ed433beed1c0607d1bb5fe58918a3ffba44e1bdd185b9c293953d2fd0e07b2e858cca99e1478704e0bbfc3cf86337907ec172f6f7c5941dec886eb44b949cfea70630cd2305400000001fdec5a4eb852707086a925aa166611c5827e75b02f048c6f3c9d5a9329fa8e7a6ceb686eb24d7fd19021dd8baad894d51a1f3f085cb78d4910bb5f1a78f3251	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3200000032000000b804000097020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff6f00000019000000f50400007e020000	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff6400000019000000ea0400007e020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff4b00000000000000d104000065020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a04454e034eeda01	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff00000000000000008604000065020000	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff19000000190000009f0400007e020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000c9e451fe8c61e334c345ee2a4903ee46f281d7217313db82e520452b9bb65764000000000e8000000002000020000000947ae3948abed05475a1ad205df04a8cac4e66d08c1d03b7adadbcd97998403f2000000051cbca2724f6bc191e9e780606a1d4d971e53656fc6827a71c9b6d9927135ef34000000062b6f2c340c45f98fb7ef25e83907a31963f295b1b6ee81d13b6166d8b697fa4e75d7e048ce8588fd6e587736af1ae7a99bcd495ec2dddec585495e9af06db40	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429793246"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1BCF2271-5A28-11EF-9438-E643F72B7232} = "0"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 49 IoCs

pid	Process
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
572	IEXPLORE.EXE
572	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2244	IEXPLORE.EXE
2244	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2156	IEXPLORE.EXE
2156	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
1388	IEXPLORE.EXE
1388	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
572	IEXPLORE.EXE
572	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
3056	IEXPLORE.EXE
3056	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2244	IEXPLORE.EXE
2244	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
1696	IEXPLORE.EXE
1696	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2156	IEXPLORE.EXE
2156	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
1308	IEXPLORE.EXE
1308	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
1388	IEXPLORE.EXE
1388	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
1776	IEXPLORE.EXE
1776	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
3056	IEXPLORE.EXE
3056	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
1192	IEXPLORE.EXE
1192	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1384 wrote to memory of 2060	1384	95b6aee2ae326e6b9e44f488ead509ac_JaffaCakes118.exe	31
PID 1384 wrote to memory of 2060	1384	95b6aee2ae326e6b9e44f488ead509ac_JaffaCakes118.exe	31
PID 1384 wrote to memory of 2060	1384	95b6aee2ae326e6b9e44f488ead509ac_JaffaCakes118.exe	31
PID 1384 wrote to memory of 2060	1384	95b6aee2ae326e6b9e44f488ead509ac_JaffaCakes118.exe	31
PID 1384 wrote to memory of 2100	1384	95b6aee2ae326e6b9e44f488ead509ac_JaffaCakes118.exe	32
PID 1384 wrote to memory of 2100	1384	95b6aee2ae326e6b9e44f488ead509ac_JaffaCakes118.exe	32
PID 1384 wrote to memory of 2100	1384	95b6aee2ae326e6b9e44f488ead509ac_JaffaCakes118.exe	32
PID 1384 wrote to memory of 2100	1384	95b6aee2ae326e6b9e44f488ead509ac_JaffaCakes118.exe	32
PID 2100 wrote to memory of 2032	2100	iexplore.exe	33
PID 2100 wrote to memory of 2032	2100	iexplore.exe	33
PID 2100 wrote to memory of 2032	2100	iexplore.exe	33
PID 2100 wrote to memory of 2032	2100	iexplore.exe	33
PID 2032 wrote to memory of 2080	2032	IEXPLORE.EXE	34
PID 2032 wrote to memory of 2080	2032	IEXPLORE.EXE	34
PID 2032 wrote to memory of 2080	2032	IEXPLORE.EXE	34
PID 2032 wrote to memory of 2080	2032	IEXPLORE.EXE	34
PID 2060 wrote to memory of 2648	2060	expllorer.exe	36
PID 2060 wrote to memory of 2648	2060	expllorer.exe	36
PID 2060 wrote to memory of 2648	2060	expllorer.exe	36
PID 2060 wrote to memory of 2648	2060	expllorer.exe	36
PID 2060 wrote to memory of 2524	2060	expllorer.exe	37
PID 2060 wrote to memory of 2524	2060	expllorer.exe	37
PID 2060 wrote to memory of 2524	2060	expllorer.exe	37
PID 2060 wrote to memory of 2524	2060	expllorer.exe	37
PID 2524 wrote to memory of 2828	2524	iexplore.exe	38
PID 2524 wrote to memory of 2828	2524	iexplore.exe	38
PID 2524 wrote to memory of 2828	2524	iexplore.exe	38
PID 2524 wrote to memory of 2828	2524	iexplore.exe	38
PID 2032 wrote to memory of 572	2032	IEXPLORE.EXE	39
PID 2032 wrote to memory of 572	2032	IEXPLORE.EXE	39
PID 2032 wrote to memory of 572	2032	IEXPLORE.EXE	39
PID 2032 wrote to memory of 572	2032	IEXPLORE.EXE	39
PID 2648 wrote to memory of 1252	2648	expllorer.exe	40
PID 2648 wrote to memory of 1252	2648	expllorer.exe	40
PID 2648 wrote to memory of 1252	2648	expllorer.exe	40
PID 2648 wrote to memory of 1252	2648	expllorer.exe	40
PID 2648 wrote to memory of 1308	2648	expllorer.exe	41
PID 2648 wrote to memory of 1308	2648	expllorer.exe	41
PID 2648 wrote to memory of 1308	2648	expllorer.exe	41
PID 2648 wrote to memory of 1308	2648	expllorer.exe	41
PID 1308 wrote to memory of 800	1308	iexplore.exe	42
PID 1308 wrote to memory of 800	1308	iexplore.exe	42
PID 1308 wrote to memory of 800	1308	iexplore.exe	42
PID 1308 wrote to memory of 800	1308	iexplore.exe	42
PID 2032 wrote to memory of 2244	2032	IEXPLORE.EXE	43
PID 2032 wrote to memory of 2244	2032	IEXPLORE.EXE	43
PID 2032 wrote to memory of 2244	2032	IEXPLORE.EXE	43
PID 2032 wrote to memory of 2244	2032	IEXPLORE.EXE	43
PID 1252 wrote to memory of 2268	1252	expllorer.exe	45
PID 1252 wrote to memory of 2268	1252	expllorer.exe	45
PID 1252 wrote to memory of 2268	1252	expllorer.exe	45
PID 1252 wrote to memory of 2268	1252	expllorer.exe	45
PID 1252 wrote to memory of 1480	1252	expllorer.exe	46
PID 1252 wrote to memory of 1480	1252	expllorer.exe	46
PID 1252 wrote to memory of 1480	1252	expllorer.exe	46
PID 1252 wrote to memory of 1480	1252	expllorer.exe	46
PID 1480 wrote to memory of 2728	1480	iexplore.exe	47
PID 1480 wrote to memory of 2728	1480	iexplore.exe	47
PID 1480 wrote to memory of 2728	1480	iexplore.exe	47
PID 1480 wrote to memory of 2728	1480	iexplore.exe	47
PID 2032 wrote to memory of 2156	2032	IEXPLORE.EXE	48
PID 2032 wrote to memory of 2156	2032	IEXPLORE.EXE	48
PID 2032 wrote to memory of 2156	2032	IEXPLORE.EXE	48
PID 2032 wrote to memory of 2156	2032	IEXPLORE.EXE	48

C:\Users\Admin\AppData\Local\Temp\95b6aee2ae326e6b9e44f488ead509ac_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\95b6aee2ae326e6b9e44f488ead509ac_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1384
- C:\Windows\SysWOW64\drivers\expllorer.exe
  C:\Windows\system32\drivers\expllorer.exe
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2060
- - C:\Windows\SysWOW64\drivers\expllorer.exe
    C:\Windows\system32\drivers\expllorer.exe
    3⤵
    - Drops file in Drivers directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - Suspicious use of WriteProcessMemory
    PID:2648
  - - C:\Windows\SysWOW64\drivers\expllorer.exe
      C:\Windows\system32\drivers\expllorer.exe
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:1252
    - - C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        5⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:2268
      - C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        6⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:2684
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        7⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:2800
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        8⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:2584
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        9⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:2128
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        10⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:2764
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        11⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:1700
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        12⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:3024
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        13⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:1956
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        14⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:1172
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        15⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:908
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        16⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:2128
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        17⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:2516
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        18⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:1556
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        19⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:896
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        20⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:2140
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        21⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:1976
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        22⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:1556
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        23⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:1564
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        24⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:584
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        25⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:1628
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        26⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:2428
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        27⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:984
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        28⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:2700
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        29⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:2476
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        30⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:2116
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        31⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:2700
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        32⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:2044
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        33⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:3212
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        34⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:3312
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        35⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:3444
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        36⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:3548
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        37⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:3708
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        38⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:3840
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        39⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:4016
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        40⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:3088
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        41⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2776
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        42⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:3372
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        43⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:3528
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        44⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:3696
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        45⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:3708
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        46⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:4036
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        47⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:3252
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        48⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:3292
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        49⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:3508
        
        C:\Windows\SysWOW64\drivers\expllorer.exe
        
        C:\Windows\system32\drivers\expllorer.exe
        50⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:3548
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        50⤵
        System Location Discovery: System Language Discovery
        
        PID:3404
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        51⤵
        
        PID:3720
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        49⤵
        
        PID:3520
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        50⤵
        
        PID:3228
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        48⤵
        System Location Discovery: System Language Discovery
        
        PID:3392
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        49⤵
        
        PID:3316
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        47⤵
        System Location Discovery: System Language Discovery
        
        PID:2712
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        48⤵
        
        PID:3092
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        46⤵
        System Location Discovery: System Language Discovery
        
        PID:3084
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        47⤵
        
        PID:584
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        45⤵
        
        PID:3872
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        46⤵
        
        PID:3920
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        44⤵
        System Location Discovery: System Language Discovery
        
        PID:3736
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        45⤵
        
        PID:3716
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        43⤵
        System Location Discovery: System Language Discovery
        
        PID:2916
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        44⤵
        
        PID:3540
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        42⤵
        System Location Discovery: System Language Discovery
        
        PID:3388
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        43⤵
        
        PID:1804
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        41⤵
        System Location Discovery: System Language Discovery
        
        PID:1060
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        42⤵
        
        PID:2308
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        40⤵
        
        PID:2616
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        41⤵
        
        PID:3160
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        39⤵
        System Location Discovery: System Language Discovery
        
        PID:4024
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        40⤵
        
        PID:4036
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        38⤵
        
        PID:3848
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        39⤵
        
        PID:3856
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        37⤵
        System Location Discovery: System Language Discovery
        
        PID:3716
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        38⤵
        
        PID:3724
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        36⤵
        System Location Discovery: System Language Discovery
        
        PID:3556
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        37⤵
        
        PID:3564
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        35⤵
        
        PID:3452
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        36⤵
        
        PID:3460
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        34⤵
        
        PID:3320
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        35⤵
        
        PID:3328
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        33⤵
        System Location Discovery: System Language Discovery
        
        PID:3220
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        34⤵
        
        PID:3228
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        32⤵
        System Location Discovery: System Language Discovery
        
        PID:2792
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        33⤵
        
        PID:2492
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        31⤵
        
        PID:2584
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        32⤵
        
        PID:2132
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        30⤵
        
        PID:2584
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        31⤵
        
        PID:2868
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        29⤵
        System Location Discovery: System Language Discovery
        
        PID:1916
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        30⤵
        
        PID:2584
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        28⤵
        System Location Discovery: System Language Discovery
        
        PID:2600
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        29⤵
        
        PID:1972
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        27⤵
        
        PID:1592
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        28⤵
        
        PID:1060
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        26⤵
        
        PID:772
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        27⤵
        
        PID:920
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        25⤵
        System Location Discovery: System Language Discovery
        
        PID:1916
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        26⤵
        
        PID:2628
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        24⤵
        
        PID:2872
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        25⤵
        
        PID:1916
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        23⤵
        
        PID:2736
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        24⤵
        
        PID:1244
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        22⤵
        
        PID:2184
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        23⤵
        
        PID:2376
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        21⤵
        System Location Discovery: System Language Discovery
        
        PID:1956
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        22⤵
        
        PID:112
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        20⤵
        
        PID:1752
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        21⤵
        
        PID:3052
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        19⤵
        
        PID:1628
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        20⤵
        
        PID:1172
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:1976
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        19⤵
        
        PID:1084
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2852
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        18⤵
        
        PID:2900
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1480
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        17⤵
        
        PID:868
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        15⤵
        
        PID:1536
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        16⤵
        
        PID:1648
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        14⤵
        
        PID:1852
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        15⤵
        
        PID:1916
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        13⤵
        
        PID:300
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        14⤵
        
        PID:1556
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1112
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        13⤵
        
        PID:1288
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2108
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        12⤵
        
        PID:3048
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:788
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        11⤵
        
        PID:984
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2376
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        10⤵
        
        PID:1332
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        8⤵
        
        PID:2044
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        9⤵
        
        PID:2192
        
        C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        7⤵
        
        PID:1620
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        8⤵
        
        PID:1564
      - C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2652
        
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        7⤵
        
        PID:2816
    - - C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:1480
      - C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        6⤵
        
        PID:2728
  - - C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:1308
    - - C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
        5⤵
        
        PID:800
- - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2524
  - - C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
      4⤵
      PID:2828
- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2100
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://s69.flogao.com.br/2008/09/08/72/127010932.jpg
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2032
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2080
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:275462 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:572
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:537611 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2244
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:668692 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2156
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:537636 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:1388
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:3945492 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:3056
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:3945502 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:1696
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:3421211 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:1308
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:3683359 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:1776
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:3355704 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:1192
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:3486761 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      PID:2764
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:3224630 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      PID:656
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:2831413 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      PID:1536
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:2241595 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      PID:2540
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:1979462 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      PID:3104
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:2307145 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      PID:3596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9217e85aabcbcd9f97f8fd07fd3d8342

SHA1
f8c87320cb77c511833547b977ed96f26b7c497c

SHA256
381432d03886a6f5cda89b6d213797aa73b15c9f15fc53c2328c93ed334f2a60

SHA512
8c5a9cae47093b3aa81651bcb946676d60ee67ec5520ffbef0fc1220b97d395089b8514178bde86c6b7be73ac1ed9662b72590948d04455db492baea6a31ff6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ae55044d0bbd09eafb0f221ca0819cf

SHA1
6fa94de8f77818d3f94d2b0ece974e35e991c664

SHA256
c082974e040c028d17e91bdda18cf937e7ce0094ce9dee1738ed5d4071f5a3b4

SHA512
a54e3408afe0c1db4cef53e2b20632c60f437246c92bd3b77748493c27213746fb605b06a7741880bde07ba042e21ded4fdb3cf6e7d86439863ae9b1aaa87f39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84c9aca2d74bb97013089003a43c1ddb

SHA1
c91baaa6d8963b9fd0b95fcf6f498e500f25e33a

SHA256
858d199a3b7e811c84b01d5d07e14c0c7dc897ce766f3ec230a55617d288b558

SHA512
25c6f526214041c16a6b45ebccf4dcbd61ed66e993b23837b0a9000292c1d05b688ccc3fc3f31e4c5e483918b7ae2c3d948a393292de92a1e99a7199cd71218d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df1b220cc4a12bd3a532fffd02be2099

SHA1
61057a28487eefc90cb81549ff16c465ea18d009

SHA256
2d436e03e2d29579afb64783495212f11a1c77ae4377e25cae9ae18e10a60231

SHA512
0f1c4b960c8d7fdc8b63c5419f577c7a77b5b9c83b781a6459ee22ce185cb81d194685ae852ce0238287ebecdfa375758f37ba45161840f4d28221d53b005a05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
33f39f47755cf58b8ccbdcabf7298252

SHA1
dd8d323dc9d927330c61be64636483b2abf8dba9

SHA256
01272f385325285f13df73bc6402b754c9565b6b9799029177ee10b23c778013

SHA512
7d67decf2e34ecef6001b46f0854e50405f2d6f66ae1a066153150ba50b0c68bb9117563bb2730e4c53e7d6092058327a0ab62d44edd9c6da5b95f1b0be58d1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
48a361e9b3b3526f0bdefcbc145c3a10

SHA1
c4cbf533378b62af419c94d3fcfe7a896023c7a4

SHA256
1937106752f7948d9ae2ddefeb08364f6b047f58e05ea358777f5353507827a1

SHA512
5ed59925657cdeb4b976965d72276c2770a05f850f07fba708209c65e645ade0f2f40c001640cd41910293dbabbb5a4b6dba9f4dd8deaa57a414a710bad805a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d463adbec66df2144f31a076168ba12

SHA1
cb20ba0ad7b551ff41d4ba3487507f5dee2b0fd9

SHA256
cca8a76809c14e7e9031400ba737f80aa03e93007a901221b3d6baaf368affd5

SHA512
528d41562e159f724d7816e5c4e90b94c89b81b5b897b1e34fbe8ba9822e845817d086c6a9c1cd4a4460d464cb3e67620a60185d952e3e61de0a6fc7aa869faa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
574fa3cc8487be6bf7e208f5b307d145

SHA1
572a0a561d8f73c46e5b43eb96ec96ea44f105f6

SHA256
826936754e219f6f82bafc75e4ee838b0a13da381db34cf66a31eea8f2c0f118

SHA512
76436b9ab53f4f3d8603b50938c0d76120516a4ec6ed611f4951cc7bef80d088b20fc93b30c002d79fd0d4fb85ab3a55d2ea33a06c027affb9b6606cca32d54c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
85508c539c4db0af430ff4f5351918cc

SHA1
19e34f2ea0050b7122f667c32967a34267a4a3a8

SHA256
30a34bed46e669be0249848110a80cc7e5d583b79a0f5cda9e9668d38e5457ff

SHA512
11c159db2d429711b55a8a7dda98a1d5cf1e9b223164d03f7489b31b3c0497bfb260226b1cca95fea9bfe6230e69ad7b152df3b43c3b69fc5eda9cf9432df87f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
03bbdff5fa1ab4d2bea0ffe787abfed3

SHA1
c1564fb2d0d8eccedb33b57abfa9392b53685d65

SHA256
bcfe8bfde855a2363490fe4153d9c7cff125240d569f7a3feb21c5ff363c3338

SHA512
bed9ea4a46d87a815badd33c5728069ccf04bba30402b01767eb1113ee8e2217f49996a1eae9bd2050682e8b2ba198138bc66e0c7ff5c9265043d6e4ff096418

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
22499e3665b0b60ed4c1a708f4ed9eff

SHA1
6632ac4c0448a97f39931e52d882e54f66165127

SHA256
00acb7c585b00d4c577b7227f26d38552502235872446f690dcd8a010a9adbbc

SHA512
5294577b97ae93efeb173722360fb6d9763e40d7631956cca5d58e5b6c709e0cbafb2b7bfedca8612e7368cee5f44533995b68c95ab7b41b531a7f515bd526d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40WV1DY9\dnserror[1]

Filesize
1KB

MD5
73c70b34b5f8f158d38a94b9d7766515

SHA1
e9eaa065bd6585a1b176e13615fd7e6ef96230a9

SHA256
3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

SHA512
927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8B420DKQ\errorPageStrings[1]

Filesize
2KB

MD5
e3e4a98353f119b80b323302f26b78fa

SHA1
20ee35a370cdd3a8a7d04b506410300fd0a6a864

SHA256
9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

SHA512
d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDDDRHWK\httpErrorPagesScripts[1]

Filesize
8KB

MD5
3f57b781cb3ef114dd0b665151571b7b

SHA1
ce6a63f996df3a1cccb81720e21204b825e0238c

SHA256
46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

SHA512
8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW44N8OS\NewErrorPageTemplate[1]

Filesize
1KB

MD5
cdf81e591d9cbfb47a7f97a2bcdb70b9

SHA1
8f12010dfaacdecad77b70a3e781c707cf328496

SHA256
204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd

SHA512
977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab124B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar12DB.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Windows\SysWOW64\drivers\expllorer.exe

Filesize
67KB

MD5
95b6aee2ae326e6b9e44f488ead509ac

SHA1
1cd1989ffcc2483d308bf1b40456ef2e00061b09

SHA256
9e4ef8952b6627b7b869feca6fe4cc5dddf9d5cf064724d6b8f2bd328d5324be

SHA512
5e206ec1b0cae838b04a5f4d747ba8c615f02a933182d105293d167c2f6bfa9a4df99682f5c05f97ff47b24f17da7cef6bf17d56f62ff3528befd729693e59d1

Download Submit
memory/584-1120-0x0000000000320000-0x000000000034E000-memory.dmp

Filesize
184KB

Download
memory/584-1031-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/584-1122-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/584-1119-0x0000000000320000-0x000000000034E000-memory.dmp

Filesize
184KB

Download
memory/896-628-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/896-637-0x0000000000320000-0x000000000034E000-memory.dmp

Filesize
184KB

Download
memory/896-638-0x0000000000320000-0x000000000034E000-memory.dmp

Filesize
184KB

Download
memory/896-641-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/908-594-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/908-592-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/908-596-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/984-1137-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/984-1143-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/984-1145-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1172-585-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1172-582-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/1172-583-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/1172-573-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1252-35-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1252-188-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1252-185-0x00000000001B0000-0x00000000001DE000-memory.dmp

Filesize
184KB

Download
memory/1384-10-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/1384-12-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1384-0-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1384-4-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/1556-627-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/1556-670-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/1556-663-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1556-669-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/1556-629-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1556-673-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1556-626-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/1556-616-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1564-1029-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/1564-1042-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1564-671-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1564-1030-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/1628-1127-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/1628-1131-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1628-1121-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1628-1128-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/1700-541-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1700-550-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/1700-553-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1956-563-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1956-574-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1956-572-0x0000000000320000-0x000000000034E000-memory.dmp

Filesize
184KB

Download
memory/1976-662-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/1976-661-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/1976-651-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2044-1184-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2060-22-0x00000000002A0000-0x00000000002CE000-memory.dmp

Filesize
184KB

Download
memory/2060-25-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2060-21-0x00000000002A0000-0x00000000002CE000-memory.dmp

Filesize
184KB

Download
memory/2116-1169-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2116-1166-0x00000000003A0000-0x00000000003CE000-memory.dmp

Filesize
184KB

Download
memory/2116-1159-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2128-518-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2128-606-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2128-528-0x00000000003A0000-0x00000000003CE000-memory.dmp

Filesize
184KB

Download
memory/2128-529-0x00000000003A0000-0x00000000003CE000-memory.dmp

Filesize
184KB

Download
memory/2128-531-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2128-605-0x00000000003A0000-0x00000000003CE000-memory.dmp

Filesize
184KB

Download
memory/2128-604-0x00000000003A0000-0x00000000003CE000-memory.dmp

Filesize
184KB

Download
memory/2140-639-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2140-650-0x00000000003D0000-0x00000000003FE000-memory.dmp

Filesize
184KB

Download
memory/2140-653-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2140-649-0x00000000003D0000-0x00000000003FE000-memory.dmp

Filesize
184KB

Download
memory/2268-186-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2268-224-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2428-1136-0x0000000000230000-0x000000000025E000-memory.dmp

Filesize
184KB

Download
memory/2428-1129-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2428-1138-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2476-1157-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/2476-1150-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2476-1158-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/2476-1161-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2516-618-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2516-615-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/2516-614-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/2584-246-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2584-517-0x00000000003C0000-0x00000000003EE000-memory.dmp

Filesize
184KB

Download
memory/2584-516-0x00000000003C0000-0x00000000003EE000-memory.dmp

Filesize
184KB

Download
memory/2584-520-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2648-34-0x00000000001B0000-0x00000000001DE000-memory.dmp

Filesize
184KB

Download
memory/2648-37-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2648-23-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2648-33-0x00000000001B0000-0x00000000001DE000-memory.dmp

Filesize
184KB

Download
memory/2684-232-0x00000000001B0000-0x00000000001DE000-memory.dmp

Filesize
184KB

Download
memory/2684-233-0x00000000001B0000-0x00000000001DE000-memory.dmp

Filesize
184KB

Download
memory/2684-223-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2684-236-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2700-1177-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2700-1174-0x0000000000320000-0x000000000034E000-memory.dmp

Filesize
184KB

Download
memory/2700-1144-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2700-1167-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2700-1152-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2764-542-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2764-539-0x00000000003A0000-0x00000000003CE000-memory.dmp

Filesize
184KB

Download
memory/2764-540-0x00000000003A0000-0x00000000003CE000-memory.dmp

Filesize
184KB

Download
memory/2800-247-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2800-244-0x0000000000320000-0x000000000034E000-memory.dmp

Filesize
184KB

Download
memory/2800-245-0x0000000000320000-0x000000000034E000-memory.dmp

Filesize
184KB

Download
memory/2800-234-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3024-551-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3024-561-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/3024-562-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/3024-564-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3212-1191-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3372-1257-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3708-1221-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4016-1235-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4036-1290-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download