xtremerat | 588187edb6184605c26fa58cf8a02b53f2d1bf79b2f8f8eaf1704a1c1c6dde18

Analysis

max time kernel
149s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
04-01-2025 12:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe
Size

578KB
MD5

79969c55aa2e0acb8e6790c476d306a9
SHA1

9eb1a2bb0d896e1c7d1e80941a9811e759a83187
SHA256

588187edb6184605c26fa58cf8a02b53f2d1bf79b2f8f8eaf1704a1c1c6dde18
SHA512

8f81abcd5cbe55cbd96eb2f0968c29d76886e86f98968d56716ce9509d6fa478dcd5284dcea0162ed4f65e150714438347713721fad54cf6f500c90df63f225a
SSDEEP

12288:/4F09/ir9yLXiSLK4trqE8ccH0rg017oz8t6Ico6Ic7:A09/ceHLK3EyU117FcGc7

Score

10^/10

xtremerat discovery persistence rat spyware upx

Malware Config

Extracted

Family

xtremerat

hackergood2.no-ip.org

Signatures

Detect XtremeRAT payload 64 IoCs

resource	yara_rule
behavioral2/memory/3776-6-0x0000000000C81000-0x0000000000CA7000-memory.dmp	family_xtremerat
behavioral2/memory/4844-10-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/3776-16-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/3776-17-0x0000000000C81000-0x0000000000CA7000-memory.dmp	family_xtremerat
behavioral2/memory/2304-23-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/2304-31-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/4660-37-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/4660-45-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/3900-65-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/588-70-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/1088-97-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/1500-91-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/4860-120-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/860-128-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/4820-137-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/508-151-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/116-156-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/2324-176-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/1088-189-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/4796-208-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/4628-213-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/860-225-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/1708-245-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/1312-258-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/4988-271-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/2600-283-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/5004-295-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/1816-308-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/1760-327-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/2700-332-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/3708-344-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/5084-356-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/5292-375-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/5164-379-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/5420-384-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/5500-396-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/5844-407-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/5968-416-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/4032-432-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/5152-436-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/2176-446-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/5200-461-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/5856-467-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/5840-476-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/224-494-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/5316-498-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/5328-503-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/5724-519-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/5248-523-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/5992-540-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/5180-550-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/3480-566-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/1176-570-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/5424-580-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/6004-596-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/5992-600-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/860-604-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/5320-620-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/1180-629-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/860-641-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/5328-649-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/6208-661-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/6292-671-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat
behavioral2/memory/6648-687-0x0000000000C80000-0x0000000000D38000-memory.dmp	family_xtremerat

XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
persistence spyware rat xtremerat
Xtremerat family
xtremerat

Boot or Logon Autostart Execution: Active Setup 2 TTPs 64 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}	jogos.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}	jogos.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}	jogos.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}	jogos.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}	jogos.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}	jogos.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}	jogos.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}	jogos.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}\StubPath = "C:\\Windows\\InstallDir\\jogos.exe restart"	jogos.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}	jogos.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}	jogos.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2VQX8GCJ-V3DS-V23N-F87G-12K8XJ08TBX5}	jogos.exe

Checks BIOS information in registry 2 TTPs 64 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	jogos.exe

Checks computer location settings 2 TTPs 55 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	jogos.exe

Executes dropped EXE 64 IoCs

pid	Process
2304	jogos.exe
4660	jogos.exe
3900	jogos.exe
588	jogos.exe
1500	jogos.exe
1088	jogos.exe
4860	jogos.exe
860	jogos.exe
4820	jogos.exe
116	jogos.exe
508	jogos.exe
2324	jogos.exe
1088	jogos.exe
4628	jogos.exe
860	jogos.exe
4796	jogos.exe
1708	jogos.exe
1312	jogos.exe
4988	jogos.exe
2600	jogos.exe
5004	jogos.exe
1816	jogos.exe
2700	jogos.exe
3708	jogos.exe
5084	jogos.exe
1760	jogos.exe
5164	jogos.exe
5292	jogos.exe
5420	jogos.exe
5500	jogos.exe
5844	jogos.exe
5968	jogos.exe
5152	jogos.exe
2176	jogos.exe
4032	jogos.exe
5200	jogos.exe
5856	jogos.exe
5840	jogos.exe
5316	jogos.exe
5328	jogos.exe
224	jogos.exe
5248	jogos.exe
5724	jogos.exe
5992	jogos.exe
5180	jogos.exe
1176	jogos.exe
5424	jogos.exe
3480	jogos.exe
5992	jogos.exe
860	jogos.exe
6004	jogos.exe
5320	jogos.exe
1180	jogos.exe
860	jogos.exe
5328	jogos.exe
6208	jogos.exe
6292	jogos.exe
6648	jogos.exe
6744	jogos.exe
6836	jogos.exe
7132	jogos.exe
6192	jogos.exe
6368	jogos.exe
6876	jogos.exe

Adds Run key to start application 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\InstallDir\\jogos.exe"	jogos.exe

UPX packed file 46 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3776-5-0x00000000007F0000-0x0000000000801000-memory.dmp	upx
behavioral2/memory/3776-4-0x00000000007F0000-0x0000000000801000-memory.dmp	upx
behavioral2/memory/3776-3-0x00000000007F0000-0x0000000000801000-memory.dmp	upx
behavioral2/memory/3776-2-0x00000000007F0000-0x0000000000801000-memory.dmp	upx
behavioral2/memory/3776-1-0x00000000007F0000-0x0000000000801000-memory.dmp	upx
behavioral2/memory/3776-13-0x00000000007F0000-0x0000000000801000-memory.dmp	upx
behavioral2/memory/2304-19-0x0000000000780000-0x0000000000791000-memory.dmp	upx
behavioral2/memory/2304-21-0x0000000000780000-0x0000000000791000-memory.dmp	upx
behavioral2/memory/2304-20-0x0000000000780000-0x0000000000791000-memory.dmp	upx
behavioral2/memory/2304-18-0x0000000000780000-0x0000000000791000-memory.dmp	upx
behavioral2/memory/2304-28-0x0000000000780000-0x0000000000791000-memory.dmp	upx
behavioral2/memory/4660-35-0x0000000000BC0000-0x0000000000BD1000-memory.dmp	upx
behavioral2/memory/4660-34-0x0000000000BC0000-0x0000000000BD1000-memory.dmp	upx
behavioral2/memory/4660-33-0x0000000000BC0000-0x0000000000BD1000-memory.dmp	upx
behavioral2/memory/4660-32-0x0000000000BC0000-0x0000000000BD1000-memory.dmp	upx
behavioral2/memory/4660-42-0x0000000000BC0000-0x0000000000BD1000-memory.dmp	upx
behavioral2/memory/3900-49-0x00000000005B0000-0x00000000005C1000-memory.dmp	upx
behavioral2/memory/3900-48-0x00000000005B0000-0x00000000005C1000-memory.dmp	upx
behavioral2/memory/3900-47-0x00000000005B0000-0x00000000005C1000-memory.dmp	upx
behavioral2/memory/3900-46-0x00000000005B0000-0x00000000005C1000-memory.dmp	upx
behavioral2/memory/588-58-0x0000000000140000-0x0000000000151000-memory.dmp	upx
behavioral2/memory/588-57-0x0000000000140000-0x0000000000151000-memory.dmp	upx
behavioral2/memory/588-55-0x0000000000140000-0x0000000000151000-memory.dmp	upx
behavioral2/memory/588-56-0x0000000000140000-0x0000000000151000-memory.dmp	upx
behavioral2/memory/3900-62-0x00000000005B0000-0x00000000005C1000-memory.dmp	upx
behavioral2/memory/588-67-0x0000000000140000-0x0000000000151000-memory.dmp	upx
behavioral2/memory/1500-74-0x00000000001E0000-0x00000000001F1000-memory.dmp	upx
behavioral2/memory/1500-73-0x00000000001E0000-0x00000000001F1000-memory.dmp	upx
behavioral2/memory/1500-72-0x00000000001E0000-0x00000000001F1000-memory.dmp	upx
behavioral2/memory/1500-71-0x00000000001E0000-0x00000000001F1000-memory.dmp	upx
behavioral2/memory/1088-79-0x0000000000630000-0x0000000000641000-memory.dmp	upx
behavioral2/memory/1088-77-0x0000000000630000-0x0000000000641000-memory.dmp	upx
behavioral2/memory/1088-78-0x0000000000630000-0x0000000000641000-memory.dmp	upx
behavioral2/memory/1088-76-0x0000000000630000-0x0000000000641000-memory.dmp	upx
behavioral2/memory/1500-87-0x00000000001E0000-0x00000000001F1000-memory.dmp	upx
behavioral2/memory/1088-92-0x0000000000630000-0x0000000000641000-memory.dmp	upx
behavioral2/memory/4860-105-0x0000000000140000-0x0000000000151000-memory.dmp	upx
behavioral2/memory/4860-104-0x0000000000140000-0x0000000000151000-memory.dmp	upx
behavioral2/memory/4860-103-0x0000000000140000-0x0000000000151000-memory.dmp	upx
behavioral2/memory/860-100-0x0000000000780000-0x0000000000791000-memory.dmp	upx
behavioral2/memory/860-101-0x0000000000780000-0x0000000000791000-memory.dmp	upx
behavioral2/memory/860-99-0x0000000000780000-0x0000000000791000-memory.dmp	upx
behavioral2/memory/4820-109-0x0000000000630000-0x0000000000641000-memory.dmp	upx
behavioral2/memory/4820-108-0x0000000000630000-0x0000000000641000-memory.dmp	upx
behavioral2/memory/4820-110-0x0000000000630000-0x0000000000641000-memory.dmp	upx
behavioral2/memory/4860-117-0x0000000000140000-0x0000000000151000-memory.dmp	upx

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\InstallDir\jogos.exe	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe
File created	C:\Windows\InstallDir\jogos.exe	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jogos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe

Checks processor information in registry 2 TTPs 64 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	jogos.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet	jogos.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet	jogos.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	jogos.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet	jogos.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	jogos.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	jogos.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet	jogos.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	jogos.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	jogos.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	jogos.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	jogos.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	jogos.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	jogos.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet	jogos.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	jogos.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	jogos.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	jogos.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	jogos.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet	jogos.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	jogos.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	jogos.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	jogos.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	jogos.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	jogos.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	jogos.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	jogos.exe

Enumerates system info in registry 2 TTPs 64 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	jogos.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3776 wrote to memory of 4844	3776	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe	85
PID 3776 wrote to memory of 4844	3776	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe	85
PID 3776 wrote to memory of 4844	3776	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe	85
PID 3776 wrote to memory of 4844	3776	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe	85
PID 3776 wrote to memory of 4864	3776	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe	86
PID 3776 wrote to memory of 4864	3776	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe	86
PID 3776 wrote to memory of 4864	3776	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe	86
PID 3776 wrote to memory of 1404	3776	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe	87
PID 3776 wrote to memory of 1404	3776	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe	87
PID 3776 wrote to memory of 1404	3776	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe	87
PID 3776 wrote to memory of 2628	3776	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe	88
PID 3776 wrote to memory of 2628	3776	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe	88
PID 3776 wrote to memory of 2628	3776	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe	88
PID 3776 wrote to memory of 4732	3776	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe	89
PID 3776 wrote to memory of 4732	3776	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe	89
PID 3776 wrote to memory of 4732	3776	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe	89
PID 3776 wrote to memory of 4220	3776	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe	90
PID 3776 wrote to memory of 4220	3776	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe	90
PID 3776 wrote to memory of 4220	3776	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe	90
PID 3776 wrote to memory of 3360	3776	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe	91
PID 3776 wrote to memory of 3360	3776	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe	91
PID 3776 wrote to memory of 3360	3776	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe	91
PID 3776 wrote to memory of 4564	3776	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe	92
PID 3776 wrote to memory of 4564	3776	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe	92
PID 3776 wrote to memory of 4564	3776	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe	92
PID 3776 wrote to memory of 4476	3776	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe	93
PID 3776 wrote to memory of 4476	3776	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe	93
PID 3776 wrote to memory of 2304	3776	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe	94
PID 3776 wrote to memory of 2304	3776	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe	94
PID 3776 wrote to memory of 2304	3776	JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe	94
PID 2304 wrote to memory of 1172	2304	jogos.exe	95
PID 2304 wrote to memory of 1172	2304	jogos.exe	95
PID 2304 wrote to memory of 1172	2304	jogos.exe	95
PID 2304 wrote to memory of 4544	2304	jogos.exe	96
PID 2304 wrote to memory of 4544	2304	jogos.exe	96
PID 2304 wrote to memory of 4544	2304	jogos.exe	96
PID 2304 wrote to memory of 3908	2304	jogos.exe	97
PID 2304 wrote to memory of 3908	2304	jogos.exe	97
PID 2304 wrote to memory of 3908	2304	jogos.exe	97
PID 2304 wrote to memory of 964	2304	jogos.exe	98
PID 2304 wrote to memory of 964	2304	jogos.exe	98
PID 2304 wrote to memory of 964	2304	jogos.exe	98
PID 2304 wrote to memory of 4888	2304	jogos.exe	99
PID 2304 wrote to memory of 4888	2304	jogos.exe	99
PID 2304 wrote to memory of 4888	2304	jogos.exe	99
PID 2304 wrote to memory of 2884	2304	jogos.exe	102
PID 2304 wrote to memory of 2884	2304	jogos.exe	102
PID 2304 wrote to memory of 2884	2304	jogos.exe	102
PID 2304 wrote to memory of 1076	2304	jogos.exe	103
PID 2304 wrote to memory of 1076	2304	jogos.exe	103
PID 2304 wrote to memory of 1076	2304	jogos.exe	103
PID 2304 wrote to memory of 3352	2304	jogos.exe	108
PID 2304 wrote to memory of 3352	2304	jogos.exe	108
PID 2304 wrote to memory of 4660	2304	jogos.exe	109
PID 2304 wrote to memory of 4660	2304	jogos.exe	109
PID 2304 wrote to memory of 4660	2304	jogos.exe	109
PID 4660 wrote to memory of 3364	4660	jogos.exe	110
PID 4660 wrote to memory of 3364	4660	jogos.exe	110
PID 4660 wrote to memory of 3364	4660	jogos.exe	110
PID 4660 wrote to memory of 4852	4660	jogos.exe	111
PID 4660 wrote to memory of 4852	4660	jogos.exe	111
PID 4660 wrote to memory of 4852	4660	jogos.exe	111
PID 4660 wrote to memory of 1340	4660	jogos.exe	112
PID 4660 wrote to memory of 1340	4660	jogos.exe	112

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_79969c55aa2e0acb8e6790c476d306a9.exe"
1⤵
- Checks BIOS information in registry
- Checks computer location settings
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:3776
- C:\Windows\SysWOW64\svchost.exe
  svchost.exe
  2⤵
  - Boot or Logon Autostart Execution: Active Setup
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  PID:4844
- - C:\Windows\InstallDir\jogos.exe
    "C:\Windows\InstallDir\jogos.exe"
    3⤵
    - Checks BIOS information in registry
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:588
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:2020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:1184
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:4968
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:392
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:1828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:1492
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:4180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:4720
  - - C:\Windows\InstallDir\jogos.exe
      "C:\Windows\InstallDir\jogos.exe"
      4⤵
      Boot or Logon Autostart Execution: Active Setup
      Checks BIOS information in registry
      Checks computer location settings
      Executes dropped EXE
      Adds Run key to start application
      System Location Discovery: System Language Discovery
      Checks processor information in registry
      Enumerates system info in registry
      PID:1500
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:3176
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:2816
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:3156
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:3408
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:4780
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:3444
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:2932
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:3600
    - - C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        5⤵
        Checks BIOS information in registry
        Executes dropped EXE
        Checks processor information in registry
        Enumerates system info in registry
        
        PID:4860
- - C:\Windows\InstallDir\jogos.exe
    "C:\Windows\InstallDir\jogos.exe"
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Checks BIOS information in registry
    - Checks computer location settings
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Enumerates system info in registry
    PID:1088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:3348
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:3644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:3532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:4804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:4880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:856
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:3776
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:3516
  - - C:\Windows\InstallDir\jogos.exe
      "C:\Windows\InstallDir\jogos.exe"
      4⤵
      Boot or Logon Autostart Execution: Active Setup
      Checks BIOS information in registry
      Checks computer location settings
      Executes dropped EXE
      Adds Run key to start application
      System Location Discovery: System Language Discovery
      Checks processor information in registry
      Enumerates system info in registry
      PID:860
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:1756
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:364
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:5060
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:5088
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:3568
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:912
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:4024
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:1524
    - - C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        5⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks BIOS information in registry
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Checks processor information in registry
        Enumerates system info in registry
        
        PID:116
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:4736
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:2900
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:3464
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5020
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:4928
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:2840
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:1280
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:4008
      - C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        6⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Checks processor information in registry
        Enumerates system info in registry
        
        PID:2324
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:4156
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:3904
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:3960
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:3164
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:3028
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5044
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:3992
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:4392
        
        C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks BIOS information in registry
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Checks processor information in registry
        Enumerates system info in registry
        
        PID:4628
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:4452
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:4436
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:4716
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:3188
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:1612
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:1712
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:3560
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:3204
        
        C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        8⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks BIOS information in registry
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Checks processor information in registry
        Enumerates system info in registry
        
        PID:1708
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:3916
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:4444
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:512
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:4868
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:4488
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:4484
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:4248
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:2596
        
        C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        9⤵
        Checks BIOS information in registry
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Enumerates system info in registry
        
        PID:2600
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:2152
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:2704
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:4064
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:4984
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:1500
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:2172
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:2872
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:4148
        
        C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        10⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks BIOS information in registry
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Checks processor information in registry
        Enumerates system info in registry
        
        PID:2700
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:4628
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:2240
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:1816
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:3812
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:2040
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:4052
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:1608
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:5132
        
        C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        11⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks BIOS information in registry
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Checks processor information in registry
        Enumerates system info in registry
        
        PID:5164
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:5264
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:5428
- - C:\Windows\InstallDir\jogos.exe
    "C:\Windows\InstallDir\jogos.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:4820
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:3416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:3280
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:4276
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:1008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:4516
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:2120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:3016
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:1096
  - - C:\Windows\InstallDir\jogos.exe
      "C:\Windows\InstallDir\jogos.exe"
      4⤵
      Checks BIOS information in registry
      Executes dropped EXE
      PID:508
- - C:\Windows\InstallDir\jogos.exe
    "C:\Windows\InstallDir\jogos.exe"
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Checks computer location settings
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:1088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:2044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:3928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:1532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:4600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:1772
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:5012
  - - C:\Windows\InstallDir\jogos.exe
      "C:\Windows\InstallDir\jogos.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Adds Run key to start application
      System Location Discovery: System Language Discovery
      Checks processor information in registry
      Enumerates system info in registry
      PID:860
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:1044
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:3784
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:4428
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:4184
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:1624
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:3984
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:2440
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:1440
    - - C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        5⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Checks processor information in registry
        Enumerates system info in registry
        
        PID:1312
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:2500
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5036
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:1020
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:3148
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:4576
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:4712
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:3448
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:1000
      - C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        6⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Checks processor information in registry
        
        PID:5004
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:3772
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:676
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:3116
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:2444
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:1544
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:2752
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:2376
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:944
        
        C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        7⤵
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Checks processor information in registry
        Enumerates system info in registry
        
        PID:3708
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:1872
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:2600
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:2284
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:452
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:1760
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:3392
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:5124
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:5236
        
        C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        8⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks BIOS information in registry
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Enumerates system info in registry
        
        PID:5292
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:5412
- - C:\Windows\InstallDir\jogos.exe
    "C:\Windows\InstallDir\jogos.exe"
    3⤵
    - Executes dropped EXE
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:4796
- - C:\Windows\InstallDir\jogos.exe
    "C:\Windows\InstallDir\jogos.exe"
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Checks computer location settings
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:4988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:2632
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:4216
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:1420
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:2340
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:2572
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:4796
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:3988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:3660
  - - C:\Windows\InstallDir\jogos.exe
      "C:\Windows\InstallDir\jogos.exe"
      4⤵
      Boot or Logon Autostart Execution: Active Setup
      Checks BIOS information in registry
      Checks computer location settings
      Executes dropped EXE
      Adds Run key to start application
      System Location Discovery: System Language Discovery
      Checks processor information in registry
      Enumerates system info in registry
      PID:1816
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:2648
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:2296
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:2300
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:4876
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:3196
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:1944
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:3732
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:3996
    - - C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        5⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks BIOS information in registry
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Enumerates system info in registry
        
        PID:5084
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:2256
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:4528
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:2136
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:4196
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:2324
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:396
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5156
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5368
      - C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        6⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks BIOS information in registry
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:5420
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5576
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5648
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5728
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5748
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5764
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5784
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5800
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5820
        
        C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Enumerates system info in registry
        
        PID:5844
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:5956
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6064
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6084
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6100
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6120
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6136
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:2940
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:2564
        
        C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        8⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Checks processor information in registry
        Enumerates system info in registry
        
        PID:5152
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:4468
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:5448
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:5508
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:5596
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:5396
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:5604
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:5360
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:5168
        
        C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        9⤵
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Enumerates system info in registry
        
        PID:5200
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:2024
- - C:\Windows\InstallDir\jogos.exe
    "C:\Windows\InstallDir\jogos.exe"
    3⤵
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Enumerates system info in registry
    PID:1760
- - C:\Windows\InstallDir\jogos.exe
    "C:\Windows\InstallDir\jogos.exe"
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Checks computer location settings
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    PID:5500
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:5616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:5656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:5736
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:5756
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:5772
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:5792
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:5808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:5876
  - - C:\Windows\InstallDir\jogos.exe
      "C:\Windows\InstallDir\jogos.exe"
      4⤵
      Boot or Logon Autostart Execution: Active Setup
      Checks computer location settings
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Checks processor information in registry
      Enumerates system info in registry
      PID:5968
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:6056
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:6076
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:6092
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:6112
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:6128
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:1284
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:1040
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:5256
    - - C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        5⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks BIOS information in registry
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Enumerates system info in registry
        
        PID:2176
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5004
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5548
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5572
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5608
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5324
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5344
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5292
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5676
      - C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        6⤵
        Checks BIOS information in registry
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Checks processor information in registry
        
        PID:5856
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5504
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:6052
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:1548
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5100
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5188
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5868
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5908
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:4988
        
        C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Checks processor information in registry
        Enumerates system info in registry
        
        PID:5316
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:1696
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:5712
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:4464
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:5828
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:5476
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:5348
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:5528
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:5912
        
        C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        8⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks BIOS information in registry
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Checks processor information in registry
        
        PID:5248
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:400
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:4596
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:5864
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:5948
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:5208
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:5468
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:3112
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:6044
        
        C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        9⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks BIOS information in registry
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Enumerates system info in registry
        
        PID:5992
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:5144
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:2268
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:5336
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:5068
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:5584
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:3404
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:5384
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:5420
        
        C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        10⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks BIOS information in registry
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Checks processor information in registry
        Enumerates system info in registry
        
        PID:1176
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:5708
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:5472
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:4856
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:4432
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:5512
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:4548
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:5840
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:5588
        
        C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        11⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks BIOS information in registry
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Checks processor information in registry
        Enumerates system info in registry
        
        PID:5992
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:5524
- - C:\Windows\InstallDir\jogos.exe
    "C:\Windows\InstallDir\jogos.exe"
    3⤵
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Enumerates system info in registry
    PID:4032
- - C:\Windows\InstallDir\jogos.exe
    "C:\Windows\InstallDir\jogos.exe"
    3⤵
    - Checks BIOS information in registry
    - Checks computer location settings
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Enumerates system info in registry
    PID:5840
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:6036
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:6072
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:3824
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:4800
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:5964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:5892
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:5848
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:5192
  - - C:\Windows\InstallDir\jogos.exe
      "C:\Windows\InstallDir\jogos.exe"
      4⤵
      Boot or Logon Autostart Execution: Active Setup
      Checks computer location settings
      Executes dropped EXE
      Adds Run key to start application
      System Location Discovery: System Language Discovery
      Enumerates system info in registry
      PID:5328
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:2700
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:5716
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:5300
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:1060
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:5284
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:5304
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:5460
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:5852
    - - C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        5⤵
        Checks BIOS information in registry
        Executes dropped EXE
        Checks processor information in registry
        Enumerates system info in registry
        
        PID:5724
- - C:\Windows\InstallDir\jogos.exe
    "C:\Windows\InstallDir\jogos.exe"
    3⤵
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:224
- - C:\Windows\InstallDir\jogos.exe
    "C:\Windows\InstallDir\jogos.exe"
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Checks computer location settings
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:5180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:5244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:5520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:5836
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:1312
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:5316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:5436
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:1628
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:3256
  - - C:\Windows\InstallDir\jogos.exe
      "C:\Windows\InstallDir\jogos.exe"
      4⤵
      Boot or Logon Autostart Execution: Active Setup
      Checks BIOS information in registry
      Checks computer location settings
      Executes dropped EXE
      Adds Run key to start application
      System Location Discovery: System Language Discovery
      Enumerates system info in registry
      PID:5424
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:5440
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:5172
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:408
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:3520
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:5212
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:4924
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:2464
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:5480
    - - C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        5⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks BIOS information in registry
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Enumerates system info in registry
        
        PID:860
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:2244
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:1432
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5380
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5996
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5636
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5196
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5536
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5376
      - C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        6⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks BIOS information in registry
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Enumerates system info in registry
        
        PID:5320
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:2936
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:1724
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5220
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:4292
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5164
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:6016
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5696
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5984
        
        C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks BIOS information in registry
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:860
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:1652
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6024
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:2948
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:5540
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:5248
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:3140
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6152
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6172
        
        C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        8⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks BIOS information in registry
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Enumerates system info in registry
        
        PID:6208
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:6376
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:6412
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:6468
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:6488
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:6504
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:6552
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:6572
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:6608
        
        C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        9⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks BIOS information in registry
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Checks processor information in registry
        Enumerates system info in registry
        
        PID:6648
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:6764
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:6936
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:6960
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:6988
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:7016
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:7044
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:7072
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:7100
        
        C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        10⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks BIOS information in registry
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Enumerates system info in registry
        
        PID:7132
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:6308
- - C:\Windows\InstallDir\jogos.exe
    "C:\Windows\InstallDir\jogos.exe"
    3⤵
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Enumerates system info in registry
    PID:3480
- - C:\Windows\InstallDir\jogos.exe
    "C:\Windows\InstallDir\jogos.exe"
    3⤵
    - Executes dropped EXE
    - Enumerates system info in registry
    PID:6004
- - C:\Windows\InstallDir\jogos.exe
    "C:\Windows\InstallDir\jogos.exe"
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Checks BIOS information in registry
    - Checks computer location settings
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Enumerates system info in registry
    PID:1180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:5200
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:3540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:5280
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:6020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:1176
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:1876
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:436
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:3612
  - - C:\Windows\InstallDir\jogos.exe
      "C:\Windows\InstallDir\jogos.exe"
      4⤵
      Boot or Logon Autostart Execution: Active Setup
      Checks computer location settings
      Executes dropped EXE
      Adds Run key to start application
      System Location Discovery: System Language Discovery
      PID:5328
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:5780
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:4532
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:6040
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:1180
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:1508
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:4032
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:6164
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:6200
    - - C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        5⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks BIOS information in registry
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Enumerates system info in registry
        
        PID:6292
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:6404
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:6460
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:6480
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:6496
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:6516
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:6564
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:6592
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:6640
      - C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        6⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks BIOS information in registry
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Checks processor information in registry
        Enumerates system info in registry
        
        PID:6744
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:6904
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:6944
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:6972
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:7000
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:7028
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:7056
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:7084
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:7124
        
        C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Checks processor information in registry
        Enumerates system info in registry
        
        PID:6192
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:2540
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6628
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6660
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6700
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6752
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6316
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6360
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6300
        
        C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        8⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks BIOS information in registry
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Checks processor information in registry
        Enumerates system info in registry
        
        PID:6876
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:1752
- - C:\Windows\InstallDir\jogos.exe
    "C:\Windows\InstallDir\jogos.exe"
    3⤵
    - Checks BIOS information in registry
    - Checks computer location settings
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Enumerates system info in registry
    PID:6836
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:6928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:6952
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:6980
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:7008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:7036
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:7064
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:7092
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:6188
  - - C:\Windows\InstallDir\jogos.exe
      "C:\Windows\InstallDir\jogos.exe"
      4⤵
      Checks BIOS information in registry
      Checks computer location settings
      Executes dropped EXE
      Adds Run key to start application
      Checks processor information in registry
      Enumerates system info in registry
      PID:6368
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:6240
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:6216
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:6716
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:6776
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:6772
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:6336
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:6720
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:6788
    - - C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        5⤵
        Checks computer location settings
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Checks processor information in registry
        Enumerates system info in registry
        
        PID:1584
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5320
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:6796
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:4740
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:6304
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:3876
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:6860
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:6840
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:6844
      - C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        6⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks BIOS information in registry
        Checks computer location settings
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Enumerates system info in registry
        
        PID:6232
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:6236
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:4656
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:3656
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:2140
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:2460
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:6712
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:6220
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:6884
        
        C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        7⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Enumerates system info in registry
        
        PID:2568
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:5680
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6260
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:5108
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6892
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6680
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6836
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:4884
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6192
        
        C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        8⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks BIOS information in registry
        System Location Discovery: System Language Discovery
        Enumerates system info in registry
        
        PID:5424
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:6388
- - C:\Windows\InstallDir\jogos.exe
    "C:\Windows\InstallDir\jogos.exe"
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Checks BIOS information in registry
    - Checks computer location settings
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    PID:6740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:6852
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:6820
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:1496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:4568
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:6328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:6880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:5204
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:6528
  - - C:\Windows\InstallDir\jogos.exe
      "C:\Windows\InstallDir\jogos.exe"
      4⤵
      Boot or Logon Autostart Execution: Active Setup
      Checks BIOS information in registry
      Checks computer location settings
      Adds Run key to start application
      System Location Discovery: System Language Discovery
      Checks processor information in registry
      PID:6900
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:1100
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:6580
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:2560
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:1708
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:7024
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:7120
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:1640
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:3232
    - - C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        5⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks computer location settings
        System Location Discovery: System Language Discovery
        Checks processor information in registry
        Enumerates system info in registry
        
        PID:1584
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:6512
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5444
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:6256
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:7156
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:6792
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:6324
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:6816
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:6264
      - C:\Windows\InstallDir\jogos.exe
        
        "C:\Windows\InstallDir\jogos.exe"
        6⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks BIOS information in registry
        System Location Discovery: System Language Discovery
        Checks processor information in registry
        Enumerates system info in registry
        
        PID:4728
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:6648
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:6704
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:6672
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:6364
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:6212
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:1592
- - C:\Windows\InstallDir\jogos.exe
    "C:\Windows\InstallDir\jogos.exe"
    3⤵
    - Enumerates system info in registry
    PID:3248
- - C:\Windows\InstallDir\jogos.exe
    "C:\Windows\InstallDir\jogos.exe"
    3⤵
    - Checks BIOS information in registry
    - Checks processor information in registry
    PID:6252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:4476
- C:\Windows\InstallDir\jogos.exe
  "C:\Windows\InstallDir\jogos.exe"
  2⤵
  - Boot or Logon Autostart Execution: Active Setup
  - Checks computer location settings
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious use of WriteProcessMemory
  PID:2304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:1172
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:4544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:3908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:4888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:2884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:1076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:3352
- - C:\Windows\InstallDir\jogos.exe
    "C:\Windows\InstallDir\jogos.exe"
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Checks BIOS information in registry
    - Checks computer location settings
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Enumerates system info in registry
    - Suspicious use of WriteProcessMemory
    PID:4660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:3364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:4852
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:1340
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:3472
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:4520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:4572
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:2888
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:788
  - - C:\Windows\InstallDir\jogos.exe
      "C:\Windows\InstallDir\jogos.exe"
      4⤵
      Boot or Logon Autostart Execution: Active Setup
      Checks BIOS information in registry
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Enumerates system info in registry
      PID:3900
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:4540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

Filesize
1KB

MD5
3c05bf039bcfef428ae33c0e208d7040

SHA1
cf9db2a6d75949eb522bed1fb309d8adafeef89f

SHA256
ecba0da79c98a81831a6373d6971c5cdb71e2f7a1fbba6d099922b33b7d671b9

SHA512
2334538eaf3ec12ddd475cd2ba5c97ef5ff258fdc52ca3019f60181b2fc73a6d93444860b18b9c8e95ec42a635c1aba04529c0d3a3ba9d9a654fe2d6970ff110

Download Submit
C:\Windows\InstallDir\jogos.exe

Filesize
578KB

MD5
79969c55aa2e0acb8e6790c476d306a9

SHA1
9eb1a2bb0d896e1c7d1e80941a9811e759a83187

SHA256
588187edb6184605c26fa58cf8a02b53f2d1bf79b2f8f8eaf1704a1c1c6dde18

SHA512
8f81abcd5cbe55cbd96eb2f0968c29d76886e86f98968d56716ce9509d6fa478dcd5284dcea0162ed4f65e150714438347713721fad54cf6f500c90df63f225a

Download Submit
memory/116-156-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/224-494-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/508-151-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/588-57-0x0000000000140000-0x0000000000151000-memory.dmp

Filesize
68KB

Download
memory/588-55-0x0000000000140000-0x0000000000151000-memory.dmp

Filesize
68KB

Download
memory/588-67-0x0000000000140000-0x0000000000151000-memory.dmp

Filesize
68KB

Download
memory/588-54-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/588-58-0x0000000000140000-0x0000000000151000-memory.dmp

Filesize
68KB

Download
memory/588-56-0x0000000000140000-0x0000000000151000-memory.dmp

Filesize
68KB

Download
memory/588-70-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/860-101-0x0000000000780000-0x0000000000791000-memory.dmp

Filesize
68KB

Download
memory/860-100-0x0000000000780000-0x0000000000791000-memory.dmp

Filesize
68KB

Download
memory/860-641-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/860-99-0x0000000000780000-0x0000000000791000-memory.dmp

Filesize
68KB

Download
memory/860-225-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/860-96-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/860-128-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/860-185-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/860-604-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/860-621-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/1088-189-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/1088-97-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/1088-77-0x0000000000630000-0x0000000000641000-memory.dmp

Filesize
68KB

Download
memory/1088-78-0x0000000000630000-0x0000000000641000-memory.dmp

Filesize
68KB

Download
memory/1088-79-0x0000000000630000-0x0000000000641000-memory.dmp

Filesize
68KB

Download
memory/1088-76-0x0000000000630000-0x0000000000641000-memory.dmp

Filesize
68KB

Download
memory/1088-92-0x0000000000630000-0x0000000000641000-memory.dmp

Filesize
68KB

Download
memory/1176-570-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/1180-629-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/1312-258-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/1500-72-0x00000000001E0000-0x00000000001F1000-memory.dmp

Filesize
68KB

Download
memory/1500-87-0x00000000001E0000-0x00000000001F1000-memory.dmp

Filesize
68KB

Download
memory/1500-74-0x00000000001E0000-0x00000000001F1000-memory.dmp

Filesize
68KB

Download
memory/1500-73-0x00000000001E0000-0x00000000001F1000-memory.dmp

Filesize
68KB

Download
memory/1500-91-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/1500-71-0x00000000001E0000-0x00000000001F1000-memory.dmp

Filesize
68KB

Download
memory/1584-752-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/1584-812-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/1708-245-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/1760-327-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/1816-270-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/1816-308-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/2176-446-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/2304-22-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/2304-20-0x0000000000780000-0x0000000000791000-memory.dmp

Filesize
68KB

Download
memory/2304-28-0x0000000000780000-0x0000000000791000-memory.dmp

Filesize
68KB

Download
memory/2304-31-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/2304-19-0x0000000000780000-0x0000000000791000-memory.dmp

Filesize
68KB

Download
memory/2304-21-0x0000000000780000-0x0000000000791000-memory.dmp

Filesize
68KB

Download
memory/2304-23-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/2304-18-0x0000000000780000-0x0000000000791000-memory.dmp

Filesize
68KB

Download
memory/2324-176-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/2568-802-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/2600-283-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/2700-332-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/3248-798-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/3480-566-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/3708-344-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/3708-296-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/3776-2-0x00000000007F0000-0x0000000000801000-memory.dmp

Filesize
68KB

Download
memory/3776-5-0x00000000007F0000-0x0000000000801000-memory.dmp

Filesize
68KB

Download
memory/3776-17-0x0000000000C81000-0x0000000000CA7000-memory.dmp

Filesize
152KB

Download
memory/3776-16-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/3776-13-0x00000000007F0000-0x0000000000801000-memory.dmp

Filesize
68KB

Download
memory/3776-0-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/3776-6-0x0000000000C81000-0x0000000000CA7000-memory.dmp

Filesize
152KB

Download
memory/3776-1-0x00000000007F0000-0x0000000000801000-memory.dmp

Filesize
68KB

Download
memory/3776-3-0x00000000007F0000-0x0000000000801000-memory.dmp

Filesize
68KB

Download
memory/3776-4-0x00000000007F0000-0x0000000000801000-memory.dmp

Filesize
68KB

Download
memory/3900-48-0x00000000005B0000-0x00000000005C1000-memory.dmp

Filesize
68KB

Download
memory/3900-62-0x00000000005B0000-0x00000000005C1000-memory.dmp

Filesize
68KB

Download
memory/3900-46-0x00000000005B0000-0x00000000005C1000-memory.dmp

Filesize
68KB

Download
memory/3900-65-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/3900-47-0x00000000005B0000-0x00000000005C1000-memory.dmp

Filesize
68KB

Download
memory/3900-49-0x00000000005B0000-0x00000000005C1000-memory.dmp

Filesize
68KB

Download
memory/4032-432-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/4628-213-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/4660-45-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/4660-37-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/4660-32-0x0000000000BC0000-0x0000000000BD1000-memory.dmp

Filesize
68KB

Download
memory/4660-35-0x0000000000BC0000-0x0000000000BD1000-memory.dmp

Filesize
68KB

Download
memory/4660-34-0x0000000000BC0000-0x0000000000BD1000-memory.dmp

Filesize
68KB

Download
memory/4660-33-0x0000000000BC0000-0x0000000000BD1000-memory.dmp

Filesize
68KB

Download
memory/4660-42-0x0000000000BC0000-0x0000000000BD1000-memory.dmp

Filesize
68KB

Download
memory/4660-36-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/4796-208-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/4820-137-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/4820-110-0x0000000000630000-0x0000000000641000-memory.dmp

Filesize
68KB

Download
memory/4820-108-0x0000000000630000-0x0000000000641000-memory.dmp

Filesize
68KB

Download
memory/4820-109-0x0000000000630000-0x0000000000641000-memory.dmp

Filesize
68KB

Download
memory/4844-10-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/4860-104-0x0000000000140000-0x0000000000151000-memory.dmp

Filesize
68KB

Download
memory/4860-103-0x0000000000140000-0x0000000000151000-memory.dmp

Filesize
68KB

Download
memory/4860-120-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/4860-117-0x0000000000140000-0x0000000000151000-memory.dmp

Filesize
68KB

Download
memory/4860-105-0x0000000000140000-0x0000000000151000-memory.dmp

Filesize
68KB

Download
memory/4860-90-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/4988-271-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/5004-295-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/5004-254-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/5084-356-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/5152-436-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/5164-379-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/5180-550-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/5200-461-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/5248-523-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/5292-375-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/5316-468-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/5316-498-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/5320-620-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/5328-503-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/5328-649-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/5420-384-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/5424-832-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/5424-580-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/5500-396-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/5724-519-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/5724-502-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/5840-447-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/5840-476-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/5844-407-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/5856-467-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/5968-416-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/5992-540-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/5992-524-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/5992-600-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/6004-596-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/6192-697-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/6192-722-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/6208-661-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/6232-772-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/6252-828-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/6292-671-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/6368-730-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/6648-687-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/6740-764-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/6744-698-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/6836-706-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/6876-748-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/6900-782-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download
memory/7132-718-0x0000000000C80000-0x0000000000D38000-memory.dmp

Filesize
736KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads