Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system -
submitted
11-07-2024 23:26
Static task
static1
Behavioral task
behavioral1
Sample
3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe
-
Size
794KB
-
MD5
3b2232cc1960a93b4cbadee688109775
-
SHA1
31eac77481abb3540f781558fed87a2606b747e2
-
SHA256
ec929a60b3ca21dea3840cc8b503b862b0c8fe0e85ab3e92098223764df89bf1
-
SHA512
907ff8afd0ad6a95352fff57faae3f7671f29a44f9a0dadf7456e416e9ca8151327f993b84476df0a47b82d3a02d81904c5f101072c5a7b5350bcededef7e0cd
-
SSDEEP
12288:reOvpyCRfHsdeU8p0U3Ecr+Oz/l2/nZDcZaj44vqd:aiy8Hsd+p0CTdzd2/nZDTDG
Malware Config
Extracted
xtremerat
ala.no-ip.biz
Signatures
-
Detect XtremeRAT payload 31 IoCs
-
XtremeRAT
XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 64 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Processes:
3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe
description ioc process
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe restart" 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2} 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe
-
Checks computer location settings 2 TTPs 64 IoCs
Looks up the country code configured in the registry, likely to geofence.
Processes:
3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe
description ioc process
Key value queried \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe
3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe -
Executes dropped EXE 64 IoCs
-
Molebox Virtualization software 1 IoCs
Detects file using Molebox Virtualization software.
Processes:
resource yara_rule
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe molebox
-
-
Adds Run key to start application 2 TTPs 64 IoCs
Processes:
3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe
svchost.exe
description ioc process
Set value (str) \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe" 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe" svchost.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe" 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
Processes:
svchost.exe
description ioc process
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ svchost.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe
3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe
3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe
svchost.exe
description pid process target process
PID 3460 wrote to memory of 3864 3460 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe svchost.exe
PID 3460 wrote to memory of 3864 3460 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe svchost.exe
PID 3460 wrote to memory of 3864 3460 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe svchost.exe
PID 3460 wrote to memory of 3864 3460 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe svchost.exe
PID 3460 wrote to memory of 3616 3460 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 3460 wrote to memory of 3616 3460 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 3460 wrote to memory of 3616 3460 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 3460 wrote to memory of 224 3460 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 3460 wrote to memory of 224 3460 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 3460 wrote to memory of 224 3460 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 3460 wrote to memory of 2984 3460 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 3460 wrote to memory of 2984 3460 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 3460 wrote to memory of 2984 3460 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 3460 wrote to memory of 1704 3460 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 3460 wrote to memory of 1704 3460 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 3460 wrote to memory of 1704 3460 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 3460 wrote to memory of 1928 3460 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 3460 wrote to memory of 1928 3460 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 3460 wrote to memory of 1928 3460 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 3460 wrote to memory of 636 3460 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 3460 wrote to memory of 636 3460 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 3460 wrote to memory of 636 3460 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 3460 wrote to memory of 4216 3460 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 3460 wrote to memory of 4216 3460 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 3460 wrote to memory of 4216 3460 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 3460 wrote to memory of 364 3460 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 3460 wrote to memory of 364 3460 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 3460 wrote to memory of 632 3460 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe
PID 3460 wrote to memory of 632 3460 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe
PID 3460 wrote to memory of 632 3460 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe
PID 632 wrote to memory of 3656 632 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 632 wrote to memory of 3656 632 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 632 wrote to memory of 3656 632 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 632 wrote to memory of 2664 632 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 632 wrote to memory of 2664 632 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 632 wrote to memory of 2664 632 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 632 wrote to memory of 4296 632 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 632 wrote to memory of 4296 632 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 632 wrote to memory of 4296 632 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 632 wrote to memory of 2228 632 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 632 wrote to memory of 2228 632 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 632 wrote to memory of 2228 632 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 632 wrote to memory of 4124 632 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 632 wrote to memory of 4124 632 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 632 wrote to memory of 4124 632 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 632 wrote to memory of 2872 632 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 632 wrote to memory of 2872 632 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 632 wrote to memory of 2872 632 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 632 wrote to memory of 1876 632 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 632 wrote to memory of 1876 632 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 632 wrote to memory of 1876 632 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 632 wrote to memory of 776 632 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 632 wrote to memory of 776 632 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 632 wrote to memory of 1264 632 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe
PID 632 wrote to memory of 1264 632 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe
PID 632 wrote to memory of 1264 632 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe
PID 1264 wrote to memory of 2116 1264 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 1264 wrote to memory of 2116 1264 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 1264 wrote to memory of 2116 1264 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 3864 wrote to memory of 2528 3864 svchost.exe 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe
PID 3864 wrote to memory of 2528 3864 svchost.exe 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe
PID 3864 wrote to memory of 2528 3864 svchost.exe 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe
PID 1264 wrote to memory of 3264 1264 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
PID 1264 wrote to memory of 3264 1264 3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe msedge.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3460 -
C:\Windows\SysWOW64\svchost.exesvchost.exe2⤵
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3864 -
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
PID:2528 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:3876
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:3552
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4660
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:2276
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:1172
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:676
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4956
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:4072 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:3000
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:1420
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:3112
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4140
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:3956
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:1328
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:2580
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:848
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:3444 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:3080
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:816
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:1836
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:3480
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:4692
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:3276
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:2496
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:1700
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:5048 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:3348
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:4900
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:1036
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:4528
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:4220
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:3020
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:320
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:3588
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"6⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:3932 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:2480
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:2356
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:1536
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:3768
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:448
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:4456
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:4320
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:4084
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"7⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:1732 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:4072
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:2304
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:4912
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:2448
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:4524
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:4364
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:3564
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:4200
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"8⤵
- Executes dropped EXE
- Adds Run key to start application
PID:1052 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:940
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:4016 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:2184
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:3868
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4844
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:1916
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:2244
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:912
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4500
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4852
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:4280 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:4308
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:3620
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:2696
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:3196
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5060
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5032
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:4884
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:1076
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:808 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:436
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:3424
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:4504
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:1336
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:428
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:3064
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:1496
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:3136
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"6⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:4928 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:4548
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:460
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:2516
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:8
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:3944
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:4508
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:4472
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:1848
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"7⤵
- Executes dropped EXE
PID:3100 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:4992
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:3256
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:3972
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:1624
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:3116
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:4832
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:1960
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:2336
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"8⤵
- Executes dropped EXE
PID:2980 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:1720
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"3⤵
- Executes dropped EXE
PID:4472 -
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:3188 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4428
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4100
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4848
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4584
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4016
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4324
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4688
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4976
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:2816 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:1976
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:4068
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:2908
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:4360
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5088
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:4236
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:4808
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:4304
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:3584 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:808
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:1592
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:3392
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:4824
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:1844
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5116
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:4588
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:2124
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"6⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:1864 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:1324
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:1244
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:1272
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:4272
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:4636
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:2068
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:712
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:5092
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"7⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:4700 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:4872
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:4540
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:1100
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:4936
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:2728
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:740
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:3248
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:3084
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"8⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:1464 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:1376
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:1232
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:5040
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:1484
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:5068
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:716
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:1396
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:432
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"9⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:2468 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:2368
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:3832
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:3272
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:2172
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:5140
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:5168
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:5196
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:5220
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"10⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:5252 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:5296
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:5380
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:2952 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5064
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:3036
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:2088
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4464
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:624
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:3820
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:336
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4012
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"4⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:4820 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:3076
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:2236
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:2040
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:3100
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:3884
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:4212
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:2224
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:2816
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"5⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:3624 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:1512
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:4904
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:4384
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:2192
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:552
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:2888
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:3308
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:2520
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"6⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:2468 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:4188
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:1964 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4896
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:2512
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4656
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:3624
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4760
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:2388
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:2608
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:1564
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:1468 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:1832
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:1264
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5124
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5152
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5176
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5204
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5228
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5308
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"5⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:5340 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5416
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5516
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5540
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5568
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5592
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5620
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5644
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5672
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"6⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:5704 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:5780
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:5880
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:5908
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:5936
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:5960
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:5988
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:6012
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:6040
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"7⤵
- Executes dropped EXE
- Adds Run key to start application
PID:6072 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:5148
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:5320
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:3680 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:1648
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:1464
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5132
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5160
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5184
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5212
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5268
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5332
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"4⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:5388 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5460
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5524
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5548
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5576
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5600
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5628
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5652
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5680
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"5⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:5752 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5824
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5892
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5916
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5944
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5968
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5996
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:6020
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:6048
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"6⤵
- Executes dropped EXE
PID:6120 -
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:5444 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5500
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5532
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5556
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5584
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5608
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5636
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5660
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5740
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:5832 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5872
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5900
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5924
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5952
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5976
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:6004
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:6028
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:6112
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"5⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:5240 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:1920
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:3336
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:4676
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5456
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5496
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5260
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:3960
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:2092
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"6⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:5688 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:5340
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:5488
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:1616
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:6064
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:6108
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:6096
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:2324
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:5856
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"7⤵
- Checks computer location settings
- Executes dropped EXE
PID:5288 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:1716
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:5352
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:5800
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:2052
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:6100
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:5400
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:5324
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:5404
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"8⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:5772 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:5788
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:1620
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:1668
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:5764
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:6164
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:6192
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:6216
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:6244
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"9⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:6284 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:6324
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:6388
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:6468
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:6496
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:6520
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:6552
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:6576
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:6604
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"10⤵
- Executes dropped EXE
PID:6636 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:6684
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:6768
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:6896
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:6944
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:6976
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:7012
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:7044
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:7080
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"11⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:7120 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"12⤵PID:1468
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"12⤵PID:5772
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"12⤵PID:6648
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"12⤵PID:6592
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"12⤵PID:6368
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"12⤵PID:6752
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"12⤵PID:6764
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"12⤵PID:6880
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"12⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
PID:6652 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:7068
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:6872
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:7136
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:5728
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:3672
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:5356
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7884
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7908
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7940
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7964
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7992
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:8108
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Adds Run key to start application
PID:8160 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:3280
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:7248
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:6352
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:7284
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:736
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:1872
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:7340
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:4152
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
PID:7204 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:7264
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:7356
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:7324
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:7764
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:7564
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:7668
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:8036
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:8176
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"6⤵
- Checks computer location settings
PID:8180 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:8016
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:8168
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:7272
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:8056
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:7756
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:8144
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:8012
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:7196
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"7⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
PID:4044 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:8172
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:8164
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:7712
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
PID:7292 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4856
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7336
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:3860
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7816
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7792
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7644
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7724
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7784
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"4⤵
- Checks computer location settings
- Adds Run key to start application
PID:4916 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:1132
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:7552
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:7536
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:2844
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:1196
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:7540
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:7268
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:4996
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
PID:8092 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5112
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:8140
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:7244
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Adds Run key to start application
PID:8088 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:2260
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7588
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7692
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:1056
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7980
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:3208
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7100
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7596
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"4⤵
- Adds Run key to start application
PID:7172 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:8104
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:7240
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:8180
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"3⤵PID:2824
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6332
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:8132
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵PID:3616
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵PID:224
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵PID:2984
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵PID:1704
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵PID:1928
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵PID:636
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵PID:4216
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵PID:364
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:632 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"3⤵PID:3656
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"3⤵PID:2664
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"3⤵PID:4296
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"3⤵PID:2228
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"3⤵PID:4124
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"3⤵PID:2872
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"3⤵PID:1876
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"3⤵PID:776
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1264 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:2116
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:3264
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4332
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:3364
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:548
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:2100
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:1448
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:1312
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:4136 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:3376
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:4940
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:2360
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:3728
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:1248
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:4076
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:4680
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:804
-
C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b2232cc1960a93b4cbadee688109775_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:4936 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:1040
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:2860
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
794KB
MD5: 3b2232cc1960a93b4cbadee688109775
SHA1: 31eac77481abb3540f781558fed87a2606b747e2
SHA256: ec929a60b3ca21dea3840cc8b503b862b0c8fe0e85ab3e92098223764df89bf1
SHA512: 907ff8afd0ad6a95352fff57faae3f7671f29a44f9a0dadf7456e416e9ca8151327f993b84476df0a47b82d3a02d81904c5f101072c5a7b5350bcededef7e0cd
-
Filesize
1KB
MD5: 56f790849131cc9097bf01d1f0ed1a19
SHA1: f08cce747c9c243bd318c8a9419a7e65497de6f9
SHA256: 5a24b16fd95080f676e66243769ab5a67b02b34a8d1063f6d1834c5127d03c90
SHA512: b5591abe11c235ced3031d7fe2f9cc523979939de91b691e27eb9a0387861017ea8232639e5de0210b89987e1482592bdc2bd7f7c22bbfd3b2df032a9307f414