xtremerat | 5991c53c781c8c8ec1330ee044ec538c9c61c4d0d5a08851b7c0c8e9c6916d49

Analysis

max time kernel
150s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 17:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
Size

416KB
MD5

4ab990a3c782804d2a11dd16d0dc07b1
SHA1

3f94b168538911a21a2f57ec4643274738afdcbb
SHA256

5991c53c781c8c8ec1330ee044ec538c9c61c4d0d5a08851b7c0c8e9c6916d49
SHA512

f702fa74174bba72d10dff6cac0c0e5a3f9117ac31e82c75a3d89ac1ffbab540666218375c6b16993967b5800c9d5f60a9cf62dd6d37161605eb212782803fe5
SSDEEP

6144:VXD6hp7KGP4CvzOWfojBmXjfT4rp5gUH3Q6UD83JLbcnznclG49vE/Mg:MJP4CvctmXjb4SUHr36zncx

Score

10^/10

xtremerat persistence rat spyware

Malware Config

Signatures

Detect XtremeRAT payload 53 IoCs

resource	yara_rule
behavioral2/memory/3772-5-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/4808-6-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/4808-11-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/4828-12-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/4828-17-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/4380-18-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/4380-23-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/1772-28-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/784-29-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/784-34-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/4588-35-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/4588-40-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/4784-41-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/4784-46-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/3036-47-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/3036-52-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/4808-53-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/4808-58-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/4404-59-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/4404-64-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/4496-69-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/2424-70-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/2424-75-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/2340-76-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/2340-81-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/816-82-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/816-87-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/1016-88-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/1016-93-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/3060-94-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/3060-99-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/2948-100-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/2948-105-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/4496-106-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/4496-111-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/4964-112-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/4964-117-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/4704-118-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/4704-123-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/1628-129-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/1324-134-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/456-135-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/456-140-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/1348-145-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/2808-146-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/2808-151-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/3560-157-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/5064-156-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/3560-162-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/2832-168-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/3980-169-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/3980-174-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat
behavioral2/memory/2508-179-0x0000000000C80000-0x0000000000D59000-memory.dmp	family_xtremerat

XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
persistence spyware rat xtremerat

Checks computer location settings 2 TTPs 31 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3772 wrote to memory of 3532	3772	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	88
PID 3772 wrote to memory of 3532	3772	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	88
PID 3772 wrote to memory of 3532	3772	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	88
PID 3772 wrote to memory of 220	3772	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	91
PID 3772 wrote to memory of 220	3772	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	91
PID 3772 wrote to memory of 220	3772	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	91
PID 3772 wrote to memory of 2600	3772	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	92
PID 3772 wrote to memory of 2600	3772	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	92
PID 3772 wrote to memory of 2600	3772	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	92
PID 3772 wrote to memory of 1116	3772	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	94
PID 3772 wrote to memory of 1116	3772	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	94
PID 3772 wrote to memory of 1116	3772	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	94
PID 3772 wrote to memory of 2716	3772	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	95
PID 3772 wrote to memory of 2716	3772	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	95
PID 3772 wrote to memory of 2716	3772	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	95
PID 3772 wrote to memory of 4464	3772	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	96
PID 3772 wrote to memory of 4464	3772	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	96
PID 3772 wrote to memory of 4464	3772	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	96
PID 3772 wrote to memory of 1192	3772	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	97
PID 3772 wrote to memory of 1192	3772	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	97
PID 3772 wrote to memory of 1192	3772	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	97
PID 3772 wrote to memory of 396	3772	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	98
PID 3772 wrote to memory of 396	3772	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	98
PID 3772 wrote to memory of 4808	3772	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	99
PID 3772 wrote to memory of 4808	3772	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	99
PID 3772 wrote to memory of 4808	3772	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	99
PID 4808 wrote to memory of 3664	4808	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	100
PID 4808 wrote to memory of 3664	4808	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	100
PID 4808 wrote to memory of 3664	4808	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	100
PID 4808 wrote to memory of 5028	4808	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	101
PID 4808 wrote to memory of 5028	4808	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	101
PID 4808 wrote to memory of 5028	4808	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	101
PID 4808 wrote to memory of 4116	4808	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	102
PID 4808 wrote to memory of 4116	4808	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	102
PID 4808 wrote to memory of 4116	4808	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	102
PID 4808 wrote to memory of 4012	4808	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	103
PID 4808 wrote to memory of 4012	4808	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	103
PID 4808 wrote to memory of 4012	4808	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	103
PID 4808 wrote to memory of 3400	4808	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	104
PID 4808 wrote to memory of 3400	4808	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	104
PID 4808 wrote to memory of 3400	4808	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	104
PID 4808 wrote to memory of 2400	4808	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	105
PID 4808 wrote to memory of 2400	4808	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	105
PID 4808 wrote to memory of 2400	4808	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	105
PID 4808 wrote to memory of 1160	4808	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	106
PID 4808 wrote to memory of 1160	4808	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	106
PID 4808 wrote to memory of 1160	4808	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	106
PID 4808 wrote to memory of 728	4808	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	107
PID 4808 wrote to memory of 728	4808	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	107
PID 4808 wrote to memory of 4828	4808	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	108
PID 4808 wrote to memory of 4828	4808	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	108
PID 4808 wrote to memory of 4828	4808	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	108
PID 4828 wrote to memory of 2824	4828	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	109
PID 4828 wrote to memory of 2824	4828	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	109
PID 4828 wrote to memory of 2824	4828	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	109
PID 4828 wrote to memory of 2100	4828	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	110
PID 4828 wrote to memory of 2100	4828	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	110
PID 4828 wrote to memory of 2100	4828	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	110
PID 4828 wrote to memory of 2368	4828	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	111
PID 4828 wrote to memory of 2368	4828	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	111
PID 4828 wrote to memory of 2368	4828	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	111
PID 4828 wrote to memory of 4000	4828	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	112
PID 4828 wrote to memory of 4000	4828	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	112
PID 4828 wrote to memory of 4000	4828	4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe	112

C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:396
- C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"
  2⤵
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory
  PID:4808
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:3664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:5028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:4116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:4012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:3400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:2400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:1160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:728
- - C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"
    3⤵
    - Checks computer location settings
    - Suspicious use of WriteProcessMemory
    PID:4828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:2824
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:2100
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:2368
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:4000
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:4104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:1428
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:3440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"
      4⤵
      Checks computer location settings
      PID:4380
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:2676
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:2272
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:4228
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:4376
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:1688
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:4028
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:3356
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"
        5⤵
        Checks computer location settings
        
        PID:1772
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:4836
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:4008
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:2648
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:4648
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:3228
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:1360
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5060
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"
        6⤵
        Checks computer location settings
        
        PID:784
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:4516
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:4724
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:2804
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:1680
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:4748
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:1564
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:1712
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"
        7⤵
        Checks computer location settings
        
        PID:4588
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:2888
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:4768
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:2584
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:2248
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:5036
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:380
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:352
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"
        8⤵
        Checks computer location settings
        
        PID:4784
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:2464
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:2756
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:224
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:4268
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:4220
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:5040
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:4272
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"
        9⤵
        Checks computer location settings
        
        PID:3036
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:1748
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:4492
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:2980
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:4740
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:3172
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:3024
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:1956
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"
        10⤵
        Checks computer location settings
        
        PID:4808
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:4552
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:2540
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:1372
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:4732
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:4828
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:4476
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:1744
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"
        11⤵
        Checks computer location settings
        
        PID:4404
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:1124
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:2848
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:3660
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:788
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:1296
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:888
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:2972
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"
        12⤵
        Checks computer location settings
        
        PID:4496
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:4432
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:5020
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:2684
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:2952
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:2360
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:1932
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:4524
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"
        13⤵
        Checks computer location settings
        
        PID:2424
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:2592
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:372
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:5092
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:4224
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:1484
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:2532
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:2692
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"
        14⤵
        Checks computer location settings
        
        PID:2340
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:3624
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:4780
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:3844
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:2348
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:4452
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:2324
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:2876
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"
        15⤵
        Checks computer location settings
        
        PID:816
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:1916
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:3580
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:2024
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:1948
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:2336
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:5100
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:552
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"
        16⤵
        Checks computer location settings
        
        PID:1016
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:4784
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:1588
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:3684
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:4760
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:4696
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:116
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:1652
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"
        17⤵
        Checks computer location settings
        
        PID:3060
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:892
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:1464
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:3020
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:3460
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:1528
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:2288
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:4812
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"
        18⤵
        Checks computer location settings
        
        PID:2948
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:1864
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:1604
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:4404
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:1676
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:1048
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:1412
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:4424
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"
        19⤵
        Checks computer location settings
        
        PID:4496
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        20⤵
        
        PID:2492
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        20⤵
        
        PID:4556
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        20⤵
        
        PID:1668
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        20⤵
        
        PID:2884
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        20⤵
        
        PID:1648
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        20⤵
        
        PID:3472
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        20⤵
        
        PID:3260
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        20⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"
        20⤵
        Checks computer location settings
        
        PID:4964
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        21⤵
        
        PID:4764
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        21⤵
        
        PID:3776
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        21⤵
        
        PID:3996
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        21⤵
        
        PID:2696
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        21⤵
        
        PID:2644
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        21⤵
        
        PID:3076
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        21⤵
        
        PID:3516
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        21⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"
        21⤵
        Checks computer location settings
        
        PID:4704
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        22⤵
        
        PID:4316
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        22⤵
        
        PID:2416
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        22⤵
        
        PID:4928
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        22⤵
        
        PID:3892
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        22⤵
        
        PID:3192
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        22⤵
        
        PID:2896
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        22⤵
        
        PID:3992
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        22⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"
        22⤵
        Checks computer location settings
        
        PID:1628
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        23⤵
        
        PID:2760
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        23⤵
        
        PID:536
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        23⤵
        
        PID:4312
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        23⤵
        
        PID:656
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        23⤵
        
        PID:3036
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        23⤵
        
        PID:4728
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        23⤵
        
        PID:3544
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        23⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"
        23⤵
        Checks computer location settings
        
        PID:1324
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        24⤵
        
        PID:8
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        24⤵
        
        PID:2612
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        24⤵
        
        PID:4540
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        24⤵
        
        PID:2372
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        24⤵
        
        PID:412
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        24⤵
        
        PID:3380
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        24⤵
        
        PID:3032
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        24⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"
        24⤵
        Checks computer location settings
        
        PID:456
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        25⤵
        
        PID:4912
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        25⤵
        
        PID:1224
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        25⤵
        
        PID:2312
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        25⤵
        
        PID:3452
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        25⤵
        
        PID:1468
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        25⤵
        
        PID:1452
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        25⤵
        
        PID:4240
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        25⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"
        25⤵
        Checks computer location settings
        
        PID:1348
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        26⤵
        
        PID:4032
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        26⤵
        
        PID:2080
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        26⤵
        
        PID:2152
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        26⤵
        
        PID:2032
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        26⤵
        
        PID:1868
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        26⤵
        
        PID:2168
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        26⤵
        
        PID:3196
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        26⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"
        26⤵
        Checks computer location settings
        
        PID:2808
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        27⤵
        
        PID:1576
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        27⤵
        
        PID:4360
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        27⤵
        
        PID:4280
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        27⤵
        
        PID:4352
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        27⤵
        
        PID:3884
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        27⤵
        
        PID:2340
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        27⤵
        
        PID:4484
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        27⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"
        27⤵
        Checks computer location settings
        
        PID:5064
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        28⤵
        
        PID:1264
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        28⤵
        
        PID:4344
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        28⤵
        
        PID:3940
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        28⤵
        
        PID:1716
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        28⤵
        
        PID:188
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        28⤵
        
        PID:1304
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        28⤵
        
        PID:340
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        28⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"
        28⤵
        Checks computer location settings
        
        PID:3560
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        29⤵
        
        PID:3896
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        29⤵
        
        PID:5024
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        29⤵
        
        PID:1912
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        29⤵
        
        PID:1628
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        29⤵
        
        PID:4868
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        29⤵
        
        PID:764
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        29⤵
        
        PID:4788
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        29⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"
        29⤵
        Checks computer location settings
        
        PID:2832
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        30⤵
        
        PID:1616
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        30⤵
        
        PID:4480
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        30⤵
        
        PID:4400
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        30⤵
        
        PID:4500
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        30⤵
        
        PID:3084
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        30⤵
        
        PID:4580
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        30⤵
        
        PID:1840
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        30⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"
        30⤵
        Checks computer location settings
        
        PID:3980
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        31⤵
        
        PID:3500
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        31⤵
        
        PID:4392
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        31⤵
        
        PID:3924
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        31⤵
        
        PID:3112
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        31⤵
        
        PID:2452
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        31⤵
        
        PID:3916
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        31⤵
        
        PID:4940
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        31⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"
        31⤵
        Checks computer location settings
        
        PID:2508
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        32⤵
        
        PID:1700
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        32⤵
        
        PID:2832
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        32⤵
        
        PID:3980
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        32⤵
        
        PID:2016
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        32⤵
        
        PID:4168
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        32⤵
        
        PID:1768
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        32⤵
        
        PID:5124
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        32⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4ab990a3c782804d2a11dd16d0dc07b1_JaffaCakes118.exe"
        32⤵
        
        PID:5160
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        33⤵
        
        PID:5208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

Filesize
1KB

MD5
6f1748d079a5a0c9ebfeb84cc2697866

SHA1
9fd1107197aefa502da9c3ca1a11f3feaa021a03

SHA256
dcd939f432c530de9e6a39b5d4d3ed57ffadd2a0cd2050af351b30519f02425a

SHA512
146f72beb6ad33ebe5c5a881a908ce20a00bdf8617e91a1d3e34b6454a98342e45f36c27ba21f0953bbd156a148128513e00e50246852b4df22ad17b13888fb5

Download Submit
memory/456-140-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/456-135-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/784-29-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/784-34-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/816-87-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/816-82-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/1016-93-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/1016-88-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/1324-134-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/1348-145-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/1628-129-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/1628-124-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/1772-28-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/2340-81-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/2340-76-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/2424-75-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/2424-70-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/2508-179-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/2808-146-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/2808-151-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/2832-163-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/2832-168-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/2948-105-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/2948-100-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/3036-47-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/3036-52-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/3060-94-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/3060-99-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/3560-157-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/3560-162-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/3772-0-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/3772-5-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/3772-1-0x0000000000D16000-0x0000000000D17000-memory.dmp

Filesize
4KB

Download
memory/3980-174-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/3980-169-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/4380-18-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/4380-23-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/4404-59-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/4404-64-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/4496-69-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/4496-111-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/4496-106-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/4588-35-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/4588-40-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/4704-123-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/4704-118-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/4784-41-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/4784-46-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/4808-53-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/4808-58-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/4808-6-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/4808-11-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/4828-17-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/4828-12-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/4964-112-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/4964-117-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/5064-156-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download
memory/5160-180-0x0000000000C80000-0x0000000000D59000-memory.dmp

Filesize
868KB

Download