xtremerat | 498360803ae6c4f7fac2f07979d16a30e5ce4465360ce5cbe173e672730366c6

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
11-10-2024 12:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

34c105c3274f5e8007e750b6ce27a645_JaffaCakes118.exe
Size

104KB
MD5

34c105c3274f5e8007e750b6ce27a645
SHA1

efb504dffdfce875cae44e9179f7afab5bf6e834
SHA256

498360803ae6c4f7fac2f07979d16a30e5ce4465360ce5cbe173e672730366c6
SHA512

3dfdf83577c4dc7289c940cb00ead2e69f26f90c7fa0a422d858b7568d1471baad711fd67f038f040b752e81ec877ca3d2eac9ca136f1bc4399058b87d799fbc
SSDEEP

1536:UxyqaL93kvktpu0Z2diB09q6bbnWsR/U5oUBtnFSg0HaEUSHEg:UI9GkO2mqUZ/U5jBfoFQg

Score

10^/10

xtremerat discovery persistence rat spyware upx

Malware Config

Signatures

Detect XtremeRAT payload 33 IoCs

resource	yara_rule
behavioral1/memory/1124-38-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral1/memory/2960-44-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral1/memory/2348-51-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral1/memory/2272-58-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral1/memory/2900-65-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral1/memory/1688-71-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral1/memory/2120-80-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral1/memory/1688-83-0x0000000002620000-0x0000000002636000-memory.dmp	family_xtremerat
behavioral1/memory/272-87-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral1/memory/1004-93-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral1/memory/2608-98-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral1/memory/1528-104-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral1/memory/2556-108-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral1/memory/2752-115-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral1/memory/1632-120-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral1/memory/2356-126-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral1/memory/1336-132-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral1/memory/940-139-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral1/memory/2220-144-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral1/memory/2772-150-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral1/memory/2976-156-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral1/memory/2444-163-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral1/memory/1720-162-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral1/memory/2444-168-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral1/memory/2808-174-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral1/memory/2892-178-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral1/memory/888-182-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral1/memory/3148-186-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral1/memory/3376-191-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral1/memory/3264-190-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral1/memory/3376-195-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral1/memory/3500-199-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral1/memory/3620-202-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat

XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
persistence spyware rat xtremerat

Executes dropped EXE 31 IoCs

pid	Process
1124	SERVER.EXE
2960	SERVER.EXE
2348	SERVER.EXE
2272	SERVER.EXE
2900	SERVER.EXE
1688	SERVER.EXE
2120	SERVER.EXE
272	SERVER.EXE
1004	SERVER.EXE
2608	SERVER.EXE
1528	SERVER.EXE
2556	SERVER.EXE
2752	SERVER.EXE
1632	SERVER.EXE
2356	SERVER.EXE
1336	SERVER.EXE
940	SERVER.EXE
2220	SERVER.EXE
2772	SERVER.EXE
2976	SERVER.EXE
1720	SERVER.EXE
2444	SERVER.EXE
2808	SERVER.EXE
2892	SERVER.EXE
888	SERVER.EXE
3148	SERVER.EXE
3264	SERVER.EXE
3376	SERVER.EXE
3500	SERVER.EXE
3620	SERVER.EXE
3740	SERVER.EXE

Loads dropped DLL 32 IoCs

pid	Process
2284	vbc.exe
2284	vbc.exe
1124	SERVER.EXE
2960	SERVER.EXE
2348	SERVER.EXE
2272	SERVER.EXE
2900	SERVER.EXE
1688	SERVER.EXE
2120	SERVER.EXE
272	SERVER.EXE
1004	SERVER.EXE
2608	SERVER.EXE
1528	SERVER.EXE
2556	SERVER.EXE
2752	SERVER.EXE
1632	SERVER.EXE
2356	SERVER.EXE
1336	SERVER.EXE
940	SERVER.EXE
2220	SERVER.EXE
2772	SERVER.EXE
2976	SERVER.EXE
1720	SERVER.EXE
2444	SERVER.EXE
2808	SERVER.EXE
2892	SERVER.EXE
888	SERVER.EXE
3148	SERVER.EXE
3264	SERVER.EXE
3376	SERVER.EXE
3500	SERVER.EXE
3620	SERVER.EXE

Uses the VBS compiler for execution 1 TTPs

Command and Scripting Interpreter
T1059

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2116 set thread context of 2284	2116	34c105c3274f5e8007e750b6ce27a645_JaffaCakes118.exe	30

UPX packed file 39 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2284-22-0x0000000000500000-0x0000000000516000-memory.dmp	upx
behavioral1/files/0x000a000000012262-20.dat	upx
behavioral1/memory/1124-38-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/2960-39-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/2348-45-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/2960-44-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/2348-51-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/2900-59-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/2272-58-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/2900-65-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/1688-71-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/2120-80-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/272-81-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/272-87-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/1004-93-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/2608-98-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/1528-104-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/2556-108-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/2752-115-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/1632-120-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/2356-126-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/1336-127-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/1336-132-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/940-139-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/2220-144-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/2772-150-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/2976-156-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/2444-163-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/1720-162-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/2444-168-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/2808-174-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/2892-178-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/888-182-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/3148-186-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/3376-191-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/3264-190-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/3376-195-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/3500-199-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/3620-202-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 33 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	34c105c3274f5e8007e750b6ce27a645_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SERVER.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 2284	2116	34c105c3274f5e8007e750b6ce27a645_JaffaCakes118.exe	30
PID 2116 wrote to memory of 2284	2116	34c105c3274f5e8007e750b6ce27a645_JaffaCakes118.exe	30
PID 2116 wrote to memory of 2284	2116	34c105c3274f5e8007e750b6ce27a645_JaffaCakes118.exe	30
PID 2116 wrote to memory of 2284	2116	34c105c3274f5e8007e750b6ce27a645_JaffaCakes118.exe	30
PID 2116 wrote to memory of 2284	2116	34c105c3274f5e8007e750b6ce27a645_JaffaCakes118.exe	30
PID 2116 wrote to memory of 2284	2116	34c105c3274f5e8007e750b6ce27a645_JaffaCakes118.exe	30
PID 2116 wrote to memory of 2284	2116	34c105c3274f5e8007e750b6ce27a645_JaffaCakes118.exe	30
PID 2116 wrote to memory of 2284	2116	34c105c3274f5e8007e750b6ce27a645_JaffaCakes118.exe	30
PID 2116 wrote to memory of 2284	2116	34c105c3274f5e8007e750b6ce27a645_JaffaCakes118.exe	30
PID 2116 wrote to memory of 2284	2116	34c105c3274f5e8007e750b6ce27a645_JaffaCakes118.exe	30
PID 2116 wrote to memory of 2284	2116	34c105c3274f5e8007e750b6ce27a645_JaffaCakes118.exe	30
PID 2284 wrote to memory of 1124	2284	vbc.exe	31
PID 2284 wrote to memory of 1124	2284	vbc.exe	31
PID 2284 wrote to memory of 1124	2284	vbc.exe	31
PID 2284 wrote to memory of 1124	2284	vbc.exe	31
PID 1124 wrote to memory of 2948	1124	SERVER.EXE	32
PID 1124 wrote to memory of 2948	1124	SERVER.EXE	32
PID 1124 wrote to memory of 2948	1124	SERVER.EXE	32
PID 1124 wrote to memory of 2948	1124	SERVER.EXE	32
PID 1124 wrote to memory of 2948	1124	SERVER.EXE	32
PID 1124 wrote to memory of 644	1124	SERVER.EXE	33
PID 1124 wrote to memory of 644	1124	SERVER.EXE	33
PID 1124 wrote to memory of 644	1124	SERVER.EXE	33
PID 1124 wrote to memory of 644	1124	SERVER.EXE	33
PID 1124 wrote to memory of 644	1124	SERVER.EXE	33
PID 1124 wrote to memory of 2732	1124	SERVER.EXE	34
PID 1124 wrote to memory of 2732	1124	SERVER.EXE	34
PID 1124 wrote to memory of 2732	1124	SERVER.EXE	34
PID 1124 wrote to memory of 2732	1124	SERVER.EXE	34
PID 1124 wrote to memory of 2732	1124	SERVER.EXE	34
PID 1124 wrote to memory of 2612	1124	SERVER.EXE	35
PID 1124 wrote to memory of 2612	1124	SERVER.EXE	35
PID 1124 wrote to memory of 2612	1124	SERVER.EXE	35
PID 1124 wrote to memory of 2612	1124	SERVER.EXE	35
PID 1124 wrote to memory of 2612	1124	SERVER.EXE	35
PID 1124 wrote to memory of 3004	1124	SERVER.EXE	36
PID 1124 wrote to memory of 3004	1124	SERVER.EXE	36
PID 1124 wrote to memory of 3004	1124	SERVER.EXE	36
PID 1124 wrote to memory of 3004	1124	SERVER.EXE	36
PID 1124 wrote to memory of 3004	1124	SERVER.EXE	36
PID 1124 wrote to memory of 2680	1124	SERVER.EXE	37
PID 1124 wrote to memory of 2680	1124	SERVER.EXE	37
PID 1124 wrote to memory of 2680	1124	SERVER.EXE	37
PID 1124 wrote to memory of 2680	1124	SERVER.EXE	37
PID 1124 wrote to memory of 2680	1124	SERVER.EXE	37
PID 1124 wrote to memory of 2972	1124	SERVER.EXE	38
PID 1124 wrote to memory of 2972	1124	SERVER.EXE	38
PID 1124 wrote to memory of 2972	1124	SERVER.EXE	38
PID 1124 wrote to memory of 2972	1124	SERVER.EXE	38
PID 1124 wrote to memory of 2972	1124	SERVER.EXE	38
PID 1124 wrote to memory of 3048	1124	SERVER.EXE	39
PID 1124 wrote to memory of 3048	1124	SERVER.EXE	39
PID 1124 wrote to memory of 3048	1124	SERVER.EXE	39
PID 1124 wrote to memory of 3048	1124	SERVER.EXE	39
PID 1124 wrote to memory of 2960	1124	SERVER.EXE	40
PID 1124 wrote to memory of 2960	1124	SERVER.EXE	40
PID 1124 wrote to memory of 2960	1124	SERVER.EXE	40
PID 1124 wrote to memory of 2960	1124	SERVER.EXE	40
PID 2960 wrote to memory of 2920	2960	SERVER.EXE	41
PID 2960 wrote to memory of 2920	2960	SERVER.EXE	41
PID 2960 wrote to memory of 2920	2960	SERVER.EXE	41
PID 2960 wrote to memory of 2920	2960	SERVER.EXE	41
PID 2960 wrote to memory of 2920	2960	SERVER.EXE	41
PID 2960 wrote to memory of 2836	2960	SERVER.EXE	42

C:\Users\Admin\AppData\Local\Temp\34c105c3274f5e8007e750b6ce27a645_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\34c105c3274f5e8007e750b6ce27a645_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2284
- - C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
    "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1124
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2948
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:644
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2732
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2612
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:3004
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2680
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2972
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
      "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:2960
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2920
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2836
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2896
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2728
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2740
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2756
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2796
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2348
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2708
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1784
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2784
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2508
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1740
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1872
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2108
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2272
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:800
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2812
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:3060
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2092
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2544
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2632
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1932
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2900
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2160
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:556
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1556
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1964
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:396
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2256
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:320
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1688
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:2148
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:1304
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:1612
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:2152
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:2144
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:1052
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:2516
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2120
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:600
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:960
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2028
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1044
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1564
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:764
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1852
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:272
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2536
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2436
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1772
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2584
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1704
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1788
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2688
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1004
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:112
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1700
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1312
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2504
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2392
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2236
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1960
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2608
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:576
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:1596
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:896
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:892
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:2176
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:2184
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:1692
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1528
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:972
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1272
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2292
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2572
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3012
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1916
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1472
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2556
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:2116
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:2868
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:2616
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:2816
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:2872
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:1212
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:2936
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2752
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2956
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:1668
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:816
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2908
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2768
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2448
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2388
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1632
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:1884
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:2964
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:1456
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:2548
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:1040
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:2140
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:2764
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2356
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:1648
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:2372
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:2276
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:2084
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:2248
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:1748
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:2316
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1336
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:832
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:2120
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:2500
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:1976
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:1448
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:2596
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:1776
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:940
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:1004
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:2192
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:2564
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:1860
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:2032
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:1928
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:1460
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2220
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:1628
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:2804
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:2100
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:2200
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:2664
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:1056
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:1124
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2772
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:3032
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:2468
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:2348
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:2712
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:2904
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:1604
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:2472
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2976
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:1576
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:1484
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:1676
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:2188
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:2424
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:2244
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:2128
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:520
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1720
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:1684
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:2588
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:2464
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:108
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:1800
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:1480
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:2204
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2444
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:1656
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:1288
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:2460
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:2984
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:2988
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:2268
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:2540
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2808
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:2180
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:1980
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:236
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:1232
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:2208
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:2852
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:1720
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2892
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:2356
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:1716
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:796
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:472
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:3052
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:2220
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:2808
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        27⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:888
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:2068
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:2124
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:3080
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:3092
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:3100
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:3112
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:3120
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        28⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3148
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:3180
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:3188
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:3200
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:3208
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:3220
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:3228
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:3240
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        29⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3264
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:3296
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:3304
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:3316
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:3324
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:3336
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:3344
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:3356
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        30⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3376
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:3420
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:3428
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:3440
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:3448
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:3460
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:3468
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:3480
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        31⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3500
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        32⤵
        
        PID:3536
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        32⤵
        
        PID:3548
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        32⤵
        
        PID:3556
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        32⤵
        
        PID:3568
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        32⤵
        
        PID:3576
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        32⤵
        
        PID:3588
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        32⤵
        
        PID:3596
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        32⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        32⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3620
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:3648
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:3664
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:3672
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:3684
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:3696
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:3708
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:3716
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\SERVER.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\SERVER.EXE"
        33⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3740
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        34⤵
        
        PID:3768
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        34⤵
        
        PID:3780
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        34⤵
        
        PID:3788
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        34⤵
        
        PID:3800
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        34⤵
        
        PID:3808
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        34⤵
        
        PID:3820
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        34⤵
        
        PID:3828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

Filesize
1KB

MD5
aaecec94eb4f25760fcc68f3c86e73c9

SHA1
4043ddafac406b229ea1327a33a87cb40169d380

SHA256
64e4c9fef5ef7ea76868a33002238375bfaab59ac58491b5a4eb6ff61eb92b7d

SHA512
8aa9b0a613b3ae24d96ea836cca176e296ed42e570eaa0a8983d85d3c6d032d02fb122d1f136f3b8bc8163c642003a44d3894408252e8de2613804e4cc99c0b6

Download Submit
\Users\Admin\AppData\Local\Temp\SERVER.EXE

Filesize
20KB

MD5
70b345dbe374edcae5d39ec04e99d975

SHA1
9d8c60711dc0597bde2fdc468d9b035b0ba4f01c

SHA256
ab91bf53afdcb99c96befdfadba3068283e9b0c96599828c1dd810219eec31ba

SHA512
d505b830d62b7cd0e7c877440cadacd2991ae53b3dd2cb77a4869f45445678a06446743c0aa011cdca3bfdf7e6039b6e3ca9fef2fd37123685d6cd88893b50c9

Download Submit
memory/272-87-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/272-81-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/888-182-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/940-139-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/1004-93-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/1124-35-0x0000000002620000-0x0000000002636000-memory.dmp

Filesize
88KB

Download
memory/1124-38-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/1336-133-0x0000000002630000-0x0000000002646000-memory.dmp

Filesize
88KB

Download
memory/1336-127-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/1336-132-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/1528-104-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/1632-120-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/1688-71-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/1688-83-0x0000000002620000-0x0000000002636000-memory.dmp

Filesize
88KB

Download
memory/1688-72-0x0000000002620000-0x0000000002636000-memory.dmp

Filesize
88KB

Download
memory/1720-162-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/2116-2-0x00000000744E0000-0x0000000074A8B000-memory.dmp

Filesize
5.7MB

Download
memory/2116-18-0x00000000744E0000-0x0000000074A8B000-memory.dmp

Filesize
5.7MB

Download
memory/2116-1-0x00000000744E0000-0x0000000074A8B000-memory.dmp

Filesize
5.7MB

Download
memory/2116-0-0x00000000744E1000-0x00000000744E2000-memory.dmp

Filesize
4KB

Download
memory/2120-77-0x0000000002770000-0x0000000002786000-memory.dmp

Filesize
88KB

Download
memory/2120-80-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/2220-144-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/2272-58-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/2284-17-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2284-10-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2284-13-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2284-15-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2284-4-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2284-8-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2284-9-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2284-5-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2284-28-0x0000000000500000-0x0000000000516000-memory.dmp

Filesize
88KB

Download
memory/2284-22-0x0000000000500000-0x0000000000516000-memory.dmp

Filesize
88KB

Download
memory/2284-7-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2284-30-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2284-11-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2348-45-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/2348-51-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/2356-126-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/2444-163-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/2444-168-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/2556-108-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/2608-98-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/2752-115-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/2772-150-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/2808-174-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/2892-178-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/2900-62-0x0000000002770000-0x0000000002786000-memory.dmp

Filesize
88KB

Download
memory/2900-65-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/2900-59-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/2960-39-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/2960-44-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/2976-153-0x0000000002630000-0x0000000002646000-memory.dmp

Filesize
88KB

Download
memory/2976-156-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/3148-186-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/3264-190-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/3376-191-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/3376-195-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/3500-199-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/3620-202-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download