Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64 arch:x86 image:win7-20241023-en locale:en-us os:windows7-x64 system
  • submitted
    07-12-2024 06:47

General

  • Target

    d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe

  • Size

    173KB

  • MD5

    d1233b402c1f2eb42d9114cabc620af3

  • SHA1

    981ed9468d9ebca4ba046194822f87be88819bac

  • SHA256

    62b98bcdf890bff37ce85ce18d8b4ac046c6a248979ef068c3298e75a48dc5ad

  • SHA512

    be1586ddf658184832198e66fb2453dd3b18faa2ace6e0b82887a5bf384c632aaf7c85f53c436b1661bb86c3fa93f42226ed6512bf62a5d6d6e9277418173d25

  • SSDEEP

    3072:ogO8Ng8VvnvhcZcqfVwuS1glK8CjB0jmUJXRnLuJuq77i28W:ogng8VCZ59/rKtjTUPuJPJT

Malware Config

Signatures

  • Detect XtremeRAT payload 5 IoCs
  • ISR Stealer

    ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

  • ISR Stealer payload 1 IoCs
  • Isrstealer family
  • XtremeRAT

    XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

  • Xtremerat family
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 40 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Executes dropped EXE 55 IoCs
  • Loads dropped DLL 64 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 40 IoCs
  • Suspicious use of SetThreadContext 19 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with the UPX or a modified UPX open-source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 58 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 39 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2344
    • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
      2⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Loads dropped DLL
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2348
      • C:\Windows\SysWOW64\svchost.exe
        svchost.exe
        3⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Loads dropped DLL
        • Adds Run key to start application
        • System Location Discovery: System Language Discovery
        PID:2116
        • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
          "C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of SetThreadContext
          • System Location Discovery: System Language Discovery
          • Suspicious use of SetWindowsHookEx
          PID:2556
          • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
            C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
            5⤵
            • Boot or Logon Autostart Execution: Active Setup
            • Executes dropped EXE
            • Loads dropped DLL
            • Adds Run key to start application
            • System Location Discovery: System Language Discovery
            PID:1412
            • C:\Program Files\Internet Explorer\iexplore.exe
              "C:\Program Files\Internet Explorer\iexplore.exe"
              6⤵
                PID:836
              • C:\Program Files\Internet Explorer\iexplore.exe
                "C:\Program Files\Internet Explorer\iexplore.exe"
                6⤵
                  PID:1784
                • C:\Program Files\Internet Explorer\iexplore.exe
                  "C:\Program Files\Internet Explorer\iexplore.exe"
                  6⤵
                    PID:2964
                  • C:\Program Files\Internet Explorer\iexplore.exe
                    "C:\Program Files\Internet Explorer\iexplore.exe"
                    6⤵
                      PID:2700
                    • C:\Program Files\Internet Explorer\iexplore.exe
                      "C:\Program Files\Internet Explorer\iexplore.exe"
                      6⤵
                        PID:2276
                      • C:\Program Files\Internet Explorer\iexplore.exe
                        "C:\Program Files\Internet Explorer\iexplore.exe"
                        6⤵
                          PID:2248
                        • C:\Program Files\Internet Explorer\iexplore.exe
                          "C:\Program Files\Internet Explorer\iexplore.exe"
                          6⤵
                            PID:2356
                          • C:\Program Files\Internet Explorer\iexplore.exe
                            "C:\Program Files\Internet Explorer\iexplore.exe"
                            6⤵
                              PID:1428
                            • C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
                              "C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
                              6⤵
                              • Executes dropped EXE
                              • System Location Discovery: System Language Discovery
                              • Suspicious behavior: EnumeratesProcesses
                              • Suspicious use of SetWindowsHookEx
                              PID:1908
                            • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                              "C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
                              6⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • Suspicious use of SetThreadContext
                              • System Location Discovery: System Language Discovery
                              • Suspicious use of SetWindowsHookEx
                              PID:1872
                              • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                7⤵
                                • Boot or Logon Autostart Execution: Active Setup
                                • Executes dropped EXE
                                • Loads dropped DLL
                                • Adds Run key to start application
                                • System Location Discovery: System Language Discovery
                                PID:940
                                • C:\Program Files\Internet Explorer\iexplore.exe
                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                  8⤵
                                    PID:1000
                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                    8⤵
                                      PID:2324
                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                      8⤵
                                        PID:1980
                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                        8⤵
                                          PID:3060
                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                          8⤵
                                            PID:1808
                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                            8⤵
                                              PID:1496
                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                              8⤵
                                                PID:2080
                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                8⤵
                                                  PID:2396
                                                • C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
                                                  "C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
                                                  8⤵
                                                  • Executes dropped EXE
                                                  • System Location Discovery: System Language Discovery
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:2940
                                                • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                  "C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
                                                  8⤵
                                                  • Executes dropped EXE
                                                  • Loads dropped DLL
                                                  • Suspicious use of SetThreadContext
                                                  • System Location Discovery: System Language Discovery
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:1256
                                                  • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                    C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                    9⤵
                                                    • Boot or Logon Autostart Execution: Active Setup
                                                    • Executes dropped EXE
                                                    • Loads dropped DLL
                                                    • Adds Run key to start application
                                                    • System Location Discovery: System Language Discovery
                                                    PID:2660
                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                      10⤵
                                                        PID:1104
                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                        10⤵
                                                          PID:1552
                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                          10⤵
                                                            PID:2992
                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                            10⤵
                                                              PID:644
                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                              10⤵
                                                                PID:1436
                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                10⤵
                                                                  PID:2628
                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                  10⤵
                                                                    PID:1500
                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                    10⤵
                                                                      PID:2304
                                                                    • C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
                                                                      "C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
                                                                      10⤵
                                                                      • Executes dropped EXE
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:1700
                                                                    • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                      "C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
                                                                      10⤵
                                                                      • Executes dropped EXE
                                                                      • Loads dropped DLL
                                                                      • Suspicious use of SetThreadContext
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:1228
                                                                      • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                        C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                        11⤵
                                                                        • Boot or Logon Autostart Execution: Active Setup
                                                                        • Executes dropped EXE
                                                                        • Loads dropped DLL
                                                                        • Adds Run key to start application
                                                                        • System Location Discovery: System Language Discovery
                                                                        PID:2640
                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                          12⤵
                                                                            PID:2768
                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                            12⤵
                                                                              PID:2432
                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                              12⤵
                                                                                PID:1528
                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                12⤵
                                                                                  PID:2176
                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                  12⤵
                                                                                    PID:2588
                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                    12⤵
                                                                                      PID:1984
                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                      12⤵
                                                                                        PID:2788
                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                        12⤵
                                                                                          PID:2808
                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                          12⤵
                                                                                            PID:1820
                                                                                          • C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
                                                                                            "C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
                                                                                            12⤵
                                                                                            • Executes dropped EXE
                                                                                            • System Location Discovery: System Language Discovery
                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                            PID:1396
                                                                                          • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                            "C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
                                                                                            12⤵
                                                                                            • Executes dropped EXE
                                                                                            • Loads dropped DLL
                                                                                            • Suspicious use of SetThreadContext
                                                                                            • System Location Discovery: System Language Discovery
                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                            PID:2284
                                                                                            • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                              C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                              13⤵
                                                                                              • Boot or Logon Autostart Execution: Active Setup
                                                                                              • Executes dropped EXE
                                                                                              • Adds Run key to start application
                                                                                              • System Location Discovery: System Language Discovery
                                                                                              PID:2104
                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                14⤵
                                                                                                  PID:1500
                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                  14⤵
                                                                                                    PID:2560
                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                    14⤵
                                                                                                      PID:1012
                                                                                                    • C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
                                                                                                      "C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
                                                                                                      14⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                      PID:2972
                                                                                • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                  "C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
                                                                                  4⤵
                                                                                  • Executes dropped EXE
                                                                                  • Loads dropped DLL
                                                                                  • Suspicious use of SetThreadContext
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                  PID:1536
                                                                                  • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                    C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                    5⤵
                                                                                    • Boot or Logon Autostart Execution: Active Setup
                                                                                    • Executes dropped EXE
                                                                                    • Loads dropped DLL
                                                                                    • Adds Run key to start application
                                                                                    • System Location Discovery: System Language Discovery
                                                                                    PID:2380
                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                      6⤵
                                                                                        PID:3052
                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                        6⤵
                                                                                          PID:880
                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                          6⤵
                                                                                            PID:1680
                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                            6⤵
                                                                                              PID:1452
                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                              6⤵
                                                                                                PID:2100
                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                6⤵
                                                                                                  PID:2588
                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                  6⤵
                                                                                                    PID:2076
                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                    6⤵
                                                                                                      PID:2504
                                                                                                    • C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
                                                                                                      "C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
                                                                                                      6⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                      PID:2728
                                                                                                    • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                      "C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
                                                                                                      6⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Loads dropped DLL
                                                                                                      • Suspicious use of SetThreadContext
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                      PID:2020
                                                                                                      • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                        C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                        7⤵
                                                                                                        • Boot or Logon Autostart Execution: Active Setup
                                                                                                        • Executes dropped EXE
                                                                                                        • Loads dropped DLL
                                                                                                        • Adds Run key to start application
                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                        PID:2008
                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                          8⤵
                                                                                                            PID:2816
                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                            8⤵
                                                                                                              PID:108
                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                              8⤵
                                                                                                                PID:2024
                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                8⤵
                                                                                                                  PID:1072
                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                  8⤵
                                                                                                                    PID:2264
                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                    8⤵
                                                                                                                      PID:944
                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                      8⤵
                                                                                                                        PID:3028
                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                        8⤵
                                                                                                                          PID:844
                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
                                                                                                                          8⤵
                                                                                                                          • Executes dropped EXE
                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                          PID:2856
                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
                                                                                                                          8⤵
                                                                                                                          • Executes dropped EXE
                                                                                                                          • Loads dropped DLL
                                                                                                                          • Suspicious use of SetThreadContext
                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                          PID:2372
                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                            C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                            9⤵
                                                                                                                            • Boot or Logon Autostart Execution: Active Setup
                                                                                                                            • Executes dropped EXE
                                                                                                                            • Adds Run key to start application
                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                            PID:2260
                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                              10⤵
                                                                                                                                PID:2840
                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                10⤵
                                                                                                                                  PID:2148
                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                  10⤵
                                                                                                                                    PID:3056
                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                    10⤵
                                                                                                                                      PID:2132
                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                      10⤵
                                                                                                                                        PID:620
                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                        10⤵
                                                                                                                                          PID:2460
                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                          10⤵
                                                                                                                                            PID:2776
                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                            10⤵
                                                                                                                                              PID:2824
                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
                                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
                                                                                                                                              10⤵
                                                                                                                                              • Executes dropped EXE
                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                                                              PID:2624
                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
                                                                                                                                              10⤵
                                                                                                                                              • Executes dropped EXE
                                                                                                                                              • Suspicious use of SetThreadContext
                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                                                              PID:1640
                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                                                11⤵
                                                                                                                                                • Boot or Logon Autostart Execution: Active Setup
                                                                                                                                                • Executes dropped EXE
                                                                                                                                                • Adds Run key to start application
                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                PID:1716
                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                  12⤵
                                                                                                                                                    PID:1776
                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
                                                                                                                                                    12⤵
                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                                                                    PID:2684
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
                                                                                                                                    4⤵
                                                                                                                                    • Executes dropped EXE
                                                                                                                                    • Loads dropped DLL
                                                                                                                                    • Suspicious use of SetThreadContext
                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                                                    PID:2788
                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                                      5⤵
                                                                                                                                      • Boot or Logon Autostart Execution: Active Setup
                                                                                                                                      • Executes dropped EXE
                                                                                                                                      • Loads dropped DLL
                                                                                                                                      • Adds Run key to start application
                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                      PID:1540
                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                        6⤵
                                                                                                                                          PID:2756
                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                          6⤵
                                                                                                                                            PID:1064
                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                            6⤵
                                                                                                                                              PID:1560
                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                              6⤵
                                                                                                                                                PID:2748
                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                6⤵
                                                                                                                                                  PID:1464
                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                  6⤵
                                                                                                                                                    PID:1352
                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                    6⤵
                                                                                                                                                      PID:2316
                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                      6⤵
                                                                                                                                                        PID:2272
                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                        6⤵
                                                                                                                                                          PID:2576
                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
                                                                                                                                                          6⤵
                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                                          PID:896
                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
                                                                                                                                                          6⤵
                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                          • Loads dropped DLL
                                                                                                                                                          • Suspicious use of SetThreadContext
                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                                          PID:2772
                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                                                            7⤵
                                                                                                                                                            • Boot or Logon Autostart Execution: Active Setup
                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                            • Adds Run key to start application
                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                                                                            PID:1980
                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                              8⤵
                                                                                                                                                                PID:940
                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                8⤵
                                                                                                                                                                  PID:2308
                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                  8⤵
                                                                                                                                                                    PID:2712
                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                    8⤵
                                                                                                                                                                      PID:2020
                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                      8⤵
                                                                                                                                                                        PID:948
                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                        8⤵
                                                                                                                                                                          PID:2332
                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                          8⤵
                                                                                                                                                                            PID:708
                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                            8⤵
                                                                                                                                                                              PID:2816
                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                              8⤵
                                                                                                                                                                                PID:1072
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
                                                                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
                                                                                                                                                                                8⤵
                                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                PID:1612
                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
                                                                                                                                                                        4⤵
                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                        • Loads dropped DLL
                                                                                                                                                                        • Suspicious use of SetThreadContext
                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                                                                                        PID:2396
                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                                                                          5⤵
                                                                                                                                                                          • Boot or Logon Autostart Execution: Active Setup
                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                          • Adds Run key to start application
                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                          PID:1732
                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                            6⤵
                                                                                                                                                                              PID:2452
                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                              6⤵
                                                                                                                                                                                PID:1680
                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                6⤵
                                                                                                                                                                                  PID:400
                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                  6⤵
                                                                                                                                                                                    PID:2784
                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                    6⤵
                                                                                                                                                                                      PID:2592
                                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                      6⤵
                                                                                                                                                                                        PID:2448
                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                        6⤵
                                                                                                                                                                                          PID:2792
                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                          6⤵
                                                                                                                                                                                            PID:2264
                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
                                                                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
                                                                                                                                                                                            6⤵
                                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                            PID:796
                                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                      3⤵
                                                                                                                                                                                        PID:2576
                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                        3⤵
                                                                                                                                                                                          PID:2568
                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                          3⤵
                                                                                                                                                                                            PID:1892
                                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                            3⤵
                                                                                                                                                                                              PID:2936
                                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                              3⤵
                                                                                                                                                                                                PID:908
                                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                3⤵
                                                                                                                                                                                                  PID:2752
                                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                    PID:2300
                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                      PID:2464
                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
                                                                                                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                      PID:2788
                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                      • Loads dropped DLL
                                                                                                                                                                                                      • Suspicious use of SetThreadContext
                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                      • Suspicious use of WriteProcessMemory
                                                                                                                                                                                                      PID:2396
                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                        • Boot or Logon Autostart Execution: Active Setup
                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                        • Loads dropped DLL
                                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                                                        PID:2924
                                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                          5⤵
                                                                                                                                                                                                            PID:2832
                                                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                            5⤵
                                                                                                                                                                                                              PID:2708
                                                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                              5⤵
                                                                                                                                                                                                                PID:2716
                                                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                  PID:2660
                                                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                  5⤵
                                                                                                                                                                                                                    PID:2656
                                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                    5⤵
                                                                                                                                                                                                                      PID:2204
                                                                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                      5⤵
                                                                                                                                                                                                                        PID:2712
                                                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                        5⤵
                                                                                                                                                                                                                          PID:2148
                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
                                                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
                                                                                                                                                                                                                          5⤵
                                                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                          PID:980
                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
                                                                                                                                                                                                                          5⤵
                                                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                                                          • Loads dropped DLL
                                                                                                                                                                                                                          • Suspicious use of SetThreadContext
                                                                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                          PID:2720
                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                                                                                                                            6⤵
                                                                                                                                                                                                                            • Boot or Logon Autostart Execution: Active Setup
                                                                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                                                                            • Loads dropped DLL
                                                                                                                                                                                                                            • Adds Run key to start application
                                                                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                            PID:752
                                                                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                              7⤵
                                                                                                                                                                                                                                PID:1436
                                                                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                7⤵
                                                                                                                                                                                                                                  PID:1560
                                                                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                  7⤵
                                                                                                                                                                                                                                    PID:1072
                                                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                    7⤵
                                                                                                                                                                                                                                      PID:2836
                                                                                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                      7⤵
                                                                                                                                                                                                                                        PID:2748
                                                                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                        7⤵
                                                                                                                                                                                                                                          PID:2264
                                                                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                          7⤵
                                                                                                                                                                                                                                            PID:2168
                                                                                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                            7⤵
                                                                                                                                                                                                                                              PID:1740
                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
                                                                                                                                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
                                                                                                                                                                                                                                              7⤵
                                                                                                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                              PID:2536
                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
                                                                                                                                                                                                                                              7⤵
                                                                                                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                                                                                                              • Loads dropped DLL
                                                                                                                                                                                                                                              • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                              PID:600
                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                                                                                                                                                8⤵
                                                                                                                                                                                                                                                • Boot or Logon Autostart Execution: Active Setup
                                                                                                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                                                                                                • Loads dropped DLL
                                                                                                                                                                                                                                                • Adds Run key to start application
                                                                                                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                PID:1276
                                                                                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                  9⤵
                                                                                                                                                                                                                                                    PID:1916
                                                                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                    9⤵
                                                                                                                                                                                                                                                      PID:2584
                                                                                                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                      9⤵
                                                                                                                                                                                                                                                        PID:888
                                                                                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                        9⤵
                                                                                                                                                                                                                                                          PID:1988
                                                                                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                          9⤵
                                                                                                                                                                                                                                                            PID:2372
                                                                                                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                            9⤵
                                                                                                                                                                                                                                                              PID:2140
                                                                                                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                              9⤵
                                                                                                                                                                                                                                                                PID:1532
                                                                                                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                9⤵
                                                                                                                                                                                                                                                                  PID:2092
                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
                                                                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
                                                                                                                                                                                                                                                                  9⤵
                                                                                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                  PID:2332
                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
                                                                                                                                                                                                                                                                  9⤵
                                                                                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                                                                                  • Loads dropped DLL
                                                                                                                                                                                                                                                                  • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                  PID:2864
                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                    • Boot or Logon Autostart Execution: Active Setup
                                                                                                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                                                                                                    • Loads dropped DLL
                                                                                                                                                                                                                                                                    • Adds Run key to start application
                                                                                                                                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                    PID:2568
                                                                                                                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                      11⤵
                                                                                                                                                                                                                                                                        PID:2900
                                                                                                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                        11⤵
                                                                                                                                                                                                                                                                          PID:2924
                                                                                                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                          11⤵
                                                                                                                                                                                                                                                                            PID:1868
                                                                                                                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                            11⤵
                                                                                                                                                                                                                                                                              PID:1192
                                                                                                                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                              11⤵
                                                                                                                                                                                                                                                                                PID:332
                                                                                                                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                11⤵
                                                                                                                                                                                                                                                                                  PID:2836
                                                                                                                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                  11⤵
                                                                                                                                                                                                                                                                                    PID:2448
                                                                                                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                    11⤵
                                                                                                                                                                                                                                                                                      PID:1544
                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
                                                                                                                                                                                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
                                                                                                                                                                                                                                                                                      11⤵
                                                                                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                      PID:976
                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                                                                                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
                                                                                                                                                                                                                                                                                      11⤵
                                                                                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                                                                                      • Loads dropped DLL
                                                                                                                                                                                                                                                                                      • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                      PID:708
                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                                                                                                                                                                                        12⤵
                                                                                                                                                                                                                                                                                        • Boot or Logon Autostart Execution: Active Setup
                                                                                                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                                                                                                        • Loads dropped DLL
                                                                                                                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                        PID:836
                                                                                                                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                          13⤵
                                                                                                                                                                                                                                                                                            PID:2356
                                                                                                                                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                            13⤵
                                                                                                                                                                                                                                                                                              PID:1492
                                                                                                                                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                              13⤵
                                                                                                                                                                                                                                                                                                PID:848
                                                                                                                                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                13⤵
                                                                                                                                                                                                                                                                                                  PID:1148
                                                                                                                                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                  13⤵
                                                                                                                                                                                                                                                                                                    PID:1304
                                                                                                                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                    13⤵
                                                                                                                                                                                                                                                                                                      PID:2100
                                                                                                                                                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                      13⤵
                                                                                                                                                                                                                                                                                                        PID:2380
                                                                                                                                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                        13⤵
                                                                                                                                                                                                                                                                                                          PID:544
                                                                                                                                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                          13⤵
                                                                                                                                                                                                                                                                                                            PID:2524
                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
                                                                                                                                                                                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
                                                                                                                                                                                                                                                                                                            13⤵
                                                                                                                                                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                            PID:2300
                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                                                                                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe"
                                                                                                                                                                                                                                                                                                            13⤵
                                                                                                                                                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                                                                                                                                                            • Loads dropped DLL
                                                                                                                                                                                                                                                                                                            • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                            PID:2964
                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe
                                                                                                                                                                                                                                                                                                              14⤵
                                                                                                                                                                                                                                                                                                              • Boot or Logon Autostart Execution: Active Setup
                                                                                                                                                                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                                                                                                                                                                              • Adds Run key to start application
                                                                                                                                                                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                              PID:1752
                                                                                                                                                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                15⤵
                                                                                                                                                                                                                                                                                                                  PID:2568
                                                                                                                                                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                  15⤵
                                                                                                                                                                                                                                                                                                                    PID:2400
                                                                                                                                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                    15⤵
                                                                                                                                                                                                                                                                                                                      PID:944
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe
                                                                                                                                                                                                                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe"
                                                                                                                                                                                                                                                                                                                      15⤵
                                                                                                                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                      PID:2232

                                                                                                                                                                                                                                                                                        Network

                                                                                                                                                                                                                                                                                        MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                                                                                                        Downloads

                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\491Servidor xD.exe.exe

                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          4B


                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          1KB


                                                                                                                                                                                                                                                                                        • \Users\Admin\AppData\Local\Temp\491Servidor xD.exe

                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          76KB


                                                                                                                                                                                                                                                                                        • \Users\Admin\AppData\Local\Temp\d1233b402c1f2eb42d9114cabc620af3_JaffaCakes118.exe

                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          173KB


                                                                                                                                                                                                                                                                                        • memory/1980-267-0x0000000000C80000-0x0000000000CAA000-memory.dmp

                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          168KB

                                                                                                                                                                                                                                                                                        • memory/2116-11-0x0000000000C80000-0x0000000000CAA000-memory.dmp

                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          168KB

                                                                                                                                                                                                                                                                                        • memory/2116-9-0x0000000000C80000-0x0000000000CAA000-memory.dmp

                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          168KB

                                                                                                                                                                                                                                                                                        • memory/2348-4-0x0000000000C80000-0x0000000000CAA000-memory.dmp

                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          168KB

                                                                                                                                                                                                                                                                                        • memory/2348-28-0x0000000000C80000-0x0000000000CAA000-memory.dmp

                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          168KB

                                                                                                                                                                                                                                                                                        • memory/2348-2-0x0000000000C80000-0x0000000000CAA000-memory.dmp

                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          168KB

                                                                                                                                                                                                                                                                                        • memory/2348-6-0x0000000000C80000-0x0000000000CAA000-memory.dmp

                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          168KB

                                                                                                                                                                                                                                                                                        • memory/2348-5-0x0000000000C80000-0x0000000000CAA000-memory.dmp

                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          168KB