Analysis
-
max time kernel
150s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
12-01-2025 13:11
General
-
Target
JaffaCakes118_0f7390259830775b5eeaa5b9d286ed53.exe
-
Size
132KB
-
MD5
0f7390259830775b5eeaa5b9d286ed53
-
SHA1
3bb255d0d01da4241d084f10605c41c6854f831e
-
SHA256
1ff43d080aaae002d192686f7788267c1ed7ba649a3c6d99bd8d9748a3527f88
-
SHA512
bac28a677c54df7c97a3f91598591bf41a588cecb446e33b60fc3e79d2a0688a4da0e85f198abbbb86352949bb3cd3f5b1e8f55f1b6d1b1770ed4e33a0cb982d
-
SSDEEP
3072:Ste8nF0cuusPAa8guWeqQYFUncOGokQ2dU+nu2vIGR5oLLc:ShnuL7grcOGok9d82vJroLg
Score
10/10
Malware Config
Signatures
-
Detect XtremeRAT payload 1 IoCs
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 64 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 3 IoCs
-
Adds Run key to start application 2 TTPs 64 IoCs
-
Suspicious use of SetThreadContext 33 IoCs
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of SetWindowsHookEx 33 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0f7390259830775b5eeaa5b9d286ed53.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0f7390259830775b5eeaa5b9d286ed53.exe"1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0f7390259830775b5eeaa5b9d286ed53.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0f7390259830775b5eeaa5b9d286ed53.exe"2⤵
- Boot or Logon Autostart Execution: Active Setup
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"6⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"7⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"9⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"10⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"11⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"11⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"12⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"13⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"14⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"15⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"15⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"16⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"17⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"17⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"17⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"17⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"17⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"17⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"17⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"17⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"17⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"18⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"19⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"20⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"21⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"21⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"21⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"21⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"21⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"21⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"21⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"21⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"21⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"22⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"23⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"23⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"23⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"23⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"23⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"23⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"23⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"23⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"23⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"24⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"25⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"26⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"27⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"27⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"27⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"27⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"27⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"27⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"27⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"27⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"27⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"28⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"29⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"29⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"29⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"29⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"29⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"29⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"29⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"29⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"29⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"30⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"31⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"32⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"33⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"33⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"33⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"33⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"33⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"33⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"33⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"33⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"33⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"34⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"35⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"35⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"35⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"35⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"35⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"35⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"35⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"35⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"35⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"36⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"37⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"37⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"37⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"37⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"37⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"37⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"37⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"37⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"37⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"38⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"39⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"39⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"39⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"39⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"39⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"39⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"39⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"39⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"39⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"40⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"41⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"41⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"41⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"41⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"41⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"41⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"41⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"41⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"41⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"42⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"43⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"43⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"43⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"43⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"43⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"43⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"43⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"43⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"43⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"44⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"45⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"45⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"45⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"45⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"45⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"45⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"45⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"45⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"45⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"46⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"47⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"47⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"47⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"47⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"47⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"47⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"47⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"47⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"47⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"48⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"49⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"49⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"49⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"49⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"49⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"49⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"49⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"49⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"49⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"50⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"51⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"51⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"51⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"51⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"51⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"51⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"51⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"51⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"51⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"52⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"53⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"53⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"53⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"53⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"53⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"53⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"53⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"53⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"53⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"54⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"55⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"55⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"55⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"55⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"55⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"55⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"55⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"55⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"55⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"56⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"57⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"57⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"57⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"57⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"57⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"57⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"57⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"57⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"57⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"58⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"59⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"59⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"59⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"59⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"59⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"59⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"59⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"59⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"59⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"60⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"61⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"61⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"61⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"61⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"61⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"61⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"61⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"61⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"61⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"62⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"63⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"63⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"63⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"63⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"63⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"63⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"63⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"63⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"63⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"64⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"65⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"65⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"65⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"65⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"65⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"65⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"65⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"65⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"65⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"66⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"67⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"67⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5ee85c4ddac75ee21b84b0649272ca6ce
SHA13d3615c1d6040963645f0af31445e99b292c91d5
SHA25636b118def484aeee11d3b33aaade4c5af6b8ca04a6cbe072bfd348a751a1d932
SHA5126c76bbd2e8efe25d8f5662282235fc81d2a0b400a12cacb9b8e8b792a69bda73166b97ace3b33ccb8714b655faa416c4b18575e86a39b12880b8b300d0129deb
-
Filesize
132KB
MD50f7390259830775b5eeaa5b9d286ed53
SHA13bb255d0d01da4241d084f10605c41c6854f831e
SHA2561ff43d080aaae002d192686f7788267c1ed7ba649a3c6d99bd8d9748a3527f88
SHA512bac28a677c54df7c97a3f91598591bf41a588cecb446e33b60fc3e79d2a0688a4da0e85f198abbbb86352949bb3cd3f5b1e8f55f1b6d1b1770ed4e33a0cb982d
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
152KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB
-
Filesize
288KB