Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
17-07-2024 14:59
Static task
static1
Behavioral task
behavioral1
Sample
53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe
-
Size
105KB
-
MD5
53800f3d1109fc8cbfe155f78df4a6bf
-
SHA1
22a3c79bd81965a458fc57d142340f62000e66b4
-
SHA256
b2ef3929aaf74d23dae364d7a402930390338de126ac8a9683bdfadcc91a3c03
-
SHA512
f1a092e18f5e28b7d415373746d0407d978738856300cac177049066cdde446522664e22cfed98bbceb9a93f01fff352e36d1491767d0b2625a1fd9894c15f08
-
SSDEEP
3072:Mgo0sZay/cfysv9wSK4Hkw9jZ5c5XALh:Aazqq9wSK4HkOuNA
Malware Config
Signatures
-
Detect XtremeRAT payload 5 IoCs
Processes:
resource yara_rule behavioral1/memory/2088-8-0x0000000010000000-0x000000001004A000-memory.dmp family_xtremerat behavioral1/memory/2088-7-0x0000000010000000-0x000000001004A000-memory.dmp family_xtremerat behavioral1/memory/2088-6-0x0000000010000000-0x000000001004A000-memory.dmp family_xtremerat behavioral1/memory/2088-5-0x0000000010000000-0x000000001004A000-memory.dmp family_xtremerat behavioral1/memory/2088-4-0x0000000010000000-0x000000001004A000-memory.dmp family_xtremerat -
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Suspicious use of SetThreadContext 64 IoCs
Processes:
53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exedescription pid Process procid_target PID 2068 set thread context of 2088 2068 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 31 PID 2088 set thread context of 2316 2088 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 33 PID 2316 set thread context of 2752 2316 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 35 PID 2752 set thread context of 1996 2752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 37 PID 1996 set thread context of 2632 1996 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 39 PID 2632 set thread context of 3016 2632 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 41 PID 3016 set thread context of 2416 3016 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 43 PID 2416 set thread context of 532 2416 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 45 PID 532 set thread context of 264 532 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 47 PID 264 set thread context of 1868 264 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 49 PID 1868 set thread context of 2288 1868 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 51 PID 2288 set thread context of 2304 2288 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 53 PID 2304 set thread context of 2560 2304 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 55 PID 2560 set thread context of 1180 2560 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 57 PID 1180 set thread context of 1936 1180 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 59 PID 1936 set thread context of 916 1936 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 61 PID 916 set thread context of 2424 916 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 63 PID 2424 set thread context of 3052 2424 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 65 PID 3052 set thread context of 888 3052 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 67 PID 888 set thread context of 1632 888 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 69 PID 1632 set thread context of 2212 1632 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 71 PID 2212 set thread context of 2812 2212 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 73 PID 2812 set thread context of 2604 2812 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 75 PID 2604 set thread context of 2656 2604 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 77 PID 2656 set thread context of 1236 2656 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 79 PID 1236 set thread context of 1700 1236 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 81 PID 1700 set thread context of 336 1700 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 83 PID 336 set thread context of 1832 336 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 85 PID 1832 set thread context of 1900 1832 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 87 PID 1900 set thread context of 1064 1900 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 89 PID 1064 set thread context of 1868 1064 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 91 PID 1868 set thread context of 1232 1868 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 93 PID 1232 set thread context of 2472 1232 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 95 PID 2472 set thread context of 1652 2472 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 97 PID 1652 set thread context of 1224 1652 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 99 PID 1224 set thread context of 3036 1224 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 101 PID 3036 set thread context of 340 3036 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 103 PID 340 set thread context of 896 340 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 105 PID 896 set thread context of 1532 896 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 107 PID 1532 set thread context of 2156 1532 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 109 PID 2156 set thread context of 2784 2156 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 111 PID 2784 set thread context of 3008 2784 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 113 PID 3008 set thread context of 2132 3008 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 115 PID 2132 set thread context of 2420 2132 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 117 PID 2420 set thread context of 2504 2420 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 119 PID 2504 set thread context of 1916 2504 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 121 PID 1916 set thread context of 2216 1916 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 123 PID 2216 set thread context of 2476 2216 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 125 PID 2476 set thread context of 2956 2476 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 127 PID 2956 set thread context of 620 2956 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 129 PID 620 set thread context of 2284 620 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 131 PID 2284 set thread context of 1936 2284 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 133 PID 1936 set thread context of 920 1936 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 135 PID 920 set thread context of 2976 920 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 137 PID 2976 set thread context of 1528 2976 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 139 PID 1528 set thread context of 2740 1528 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 141 PID 2740 set thread context of 2724 2740 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 143 PID 2724 set thread context of 2808 2724 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 145 PID 2808 set thread context of 2784 2808 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 147 PID 2784 set thread context of 2632 2784 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 149 PID 2632 set thread context of 1624 2632 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 151 PID 1624 set thread context of 3012 1624 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 153 PID 3012 set thread context of 2588 3012 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 155 PID 2588 set thread context of 2944 2588 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 157 -
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exedescription pid Process Token: SeDebugPrivilege 2068 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 2068 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 2068 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 2088 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 2088 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 2088 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 2316 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 2316 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 2316 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 2752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 2752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 2752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 1996 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 1996 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 1996 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 2632 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 2632 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 2632 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 3016 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 3016 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 3016 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 2416 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 2416 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 2416 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 532 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 532 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 532 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 264 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 264 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 264 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 1868 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 1868 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 1868 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 2288 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 2288 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 2288 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 2304 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 2304 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 2304 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 2560 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 2560 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 2560 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 1180 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 1180 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 1180 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 1936 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 1936 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 1936 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 916 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 916 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 916 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 2424 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 2424 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 2424 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 3052 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 3052 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 3052 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 888 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 888 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 888 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 1632 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 1632 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 1632 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 2212 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exedescription pid Process procid_target PID 2068 wrote to memory of 2572 2068 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 30 PID 2068 wrote to memory of 2572 2068 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 30 PID 2068 wrote to memory of 2572 2068 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 30 PID 2068 wrote to memory of 2088 2068 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 31 PID 2068 wrote to memory of 2088 2068 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 31 PID 2068 wrote to memory of 2088 2068 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 31 PID 2068 wrote to memory of 2088 2068 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 31 PID 2068 wrote to memory of 2088 2068 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 31 PID 2068 wrote to memory of 2088 2068 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 31 PID 2068 wrote to memory of 2088 2068 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 31 PID 2068 wrote to memory of 2088 2068 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 31 PID 2068 wrote to memory of 2088 2068 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 31 PID 2068 wrote to memory of 2088 2068 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 31 PID 2088 wrote to memory of 2692 2088 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 32 PID 2088 wrote to memory of 2692 2088 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 32 PID 2088 wrote to memory of 2692 2088 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 32 PID 2088 wrote to memory of 2316 2088 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 33 PID 2088 wrote to memory of 2316 2088 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 33 PID 2088 wrote to memory of 2316 2088 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 33 PID 2088 wrote to memory of 2316 2088 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 33 PID 2088 wrote to memory of 2316 2088 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 33 PID 2088 wrote to memory of 2316 2088 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 33 PID 2088 wrote to memory of 2316 2088 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 33 PID 2088 wrote to memory of 2316 2088 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 33 PID 2088 wrote to memory of 2316 2088 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 33 PID 2088 wrote to memory of 2316 2088 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 33 PID 2316 wrote to memory of 2932 2316 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 34 PID 2316 wrote to memory of 2932 2316 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 34 PID 2316 wrote to memory of 2932 2316 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 34 PID 2316 wrote to memory of 2752 2316 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 35 PID 2316 wrote to memory of 2752 2316 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 35 PID 2316 wrote to memory of 2752 2316 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 35 PID 2316 wrote to memory of 2752 2316 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 35 PID 2316 wrote to memory of 2752 2316 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 35 PID 2316 wrote to memory of 2752 2316 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 35 PID 2316 wrote to memory of 2752 2316 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 35 PID 2316 wrote to memory of 2752 2316 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 35 PID 2316 wrote to memory of 2752 2316 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 35 PID 2316 wrote to memory of 2752 2316 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 35 PID 2752 wrote to memory of 2884 2752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 36 PID 2752 wrote to memory of 2884 2752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 36 PID 2752 wrote to memory of 2884 2752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 36 PID 2752 wrote to memory of 1996 2752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 37 PID 2752 wrote to memory of 1996 2752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 37 PID 2752 wrote to memory of 1996 2752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 37 PID 2752 wrote to memory of 1996 2752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 37 PID 2752 wrote to memory of 1996 2752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 37 PID 2752 wrote to memory of 1996 2752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 37 PID 2752 wrote to memory of 1996 2752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 37 PID 2752 wrote to memory of 1996 2752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 37 PID 2752 wrote to memory of 1996 2752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 37 PID 2752 wrote to memory of 1996 2752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 37 PID 1996 wrote to memory of 2616 1996 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 38 PID 1996 wrote to memory of 2616 1996 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 38 PID 1996 wrote to memory of 2616 1996 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 38 PID 1996 wrote to memory of 2632 1996 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 39 PID 1996 wrote to memory of 2632 1996 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 39 PID 1996 wrote to memory of 2632 1996 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 39 PID 1996 wrote to memory of 2632 1996 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 39 PID 1996 wrote to memory of 2632 1996 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 39 PID 1996 wrote to memory of 2632 1996 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 39 PID 1996 wrote to memory of 2632 1996 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 39 PID 1996 wrote to memory of 2632 1996 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 39 PID 1996 wrote to memory of 2632 1996 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 39
Processes
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2068 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe2⤵PID:2572
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe2⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2088 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe3⤵PID:2692
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe3⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2316 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe4⤵PID:2932
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe4⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2752 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe5⤵PID:2884
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe5⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1996 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe6⤵PID:2616
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe6⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2632 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe7⤵PID:2240
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe7⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:3016 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe8⤵PID:480
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe8⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2416 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe9⤵PID:584
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe9⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:532 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe10⤵PID:600
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe10⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:264 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe11⤵PID:1860
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe11⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:1868 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe12⤵PID:568
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe12⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2288 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe13⤵PID:2208
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe13⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2304 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe14⤵PID:444
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe14⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2560 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe15⤵PID:2024
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe15⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:1180 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe16⤵PID:1120
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe16⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:1936 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe17⤵PID:1692
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe17⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:916 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe18⤵PID:2272
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe18⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2424 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe19⤵PID:1328
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe19⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:3052 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe20⤵PID:1896
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe20⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:888 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe21⤵PID:1524
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe21⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:1632 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe22⤵PID:2744
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe22⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2212 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe23⤵PID:2928
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe23⤵
- Suspicious use of SetThreadContext
PID:2812 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe24⤵PID:2864
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe24⤵
- Suspicious use of SetThreadContext
PID:2604 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe25⤵PID:2008
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe25⤵
- Suspicious use of SetThreadContext
PID:2656 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe26⤵PID:864
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe26⤵
- Suspicious use of SetThreadContext
PID:1236 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe27⤵PID:1068
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe27⤵
- Suspicious use of SetThreadContext
PID:1700 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe28⤵PID:556
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe28⤵
- Suspicious use of SetThreadContext
PID:336 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe29⤵PID:2344
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe29⤵
- Suspicious use of SetThreadContext
PID:1832 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe30⤵PID:2668
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe30⤵
- Suspicious use of SetThreadContext
PID:1900 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe31⤵PID:2128
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe31⤵
- Suspicious use of SetThreadContext
PID:1064 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe32⤵PID:2912
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe32⤵
- Suspicious use of SetThreadContext
PID:1868 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe33⤵PID:2200
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe33⤵
- Suspicious use of SetThreadContext
PID:1232 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe34⤵PID:1108
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe34⤵
- Suspicious use of SetThreadContext
PID:2472 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe35⤵PID:1656
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe35⤵
- Suspicious use of SetThreadContext
PID:1652 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe36⤵PID:2224
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe36⤵
- Suspicious use of SetThreadContext
PID:1224 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe37⤵PID:2972
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe37⤵
- Suspicious use of SetThreadContext
PID:3036 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe38⤵PID:2192
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe38⤵
- Suspicious use of SetThreadContext
PID:340 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe39⤵PID:1520
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe39⤵
- Suspicious use of SetThreadContext
PID:896 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe40⤵PID:2512
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe40⤵
- Suspicious use of SetThreadContext
PID:1532 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe41⤵PID:2112
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe41⤵
- Suspicious use of SetThreadContext
PID:2156 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe42⤵PID:2380
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe42⤵
- Suspicious use of SetThreadContext
PID:2784 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe43⤵PID:2676
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe43⤵
- Suspicious use of SetThreadContext
PID:3008 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe44⤵PID:1776
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe44⤵
- Suspicious use of SetThreadContext
PID:2132 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe45⤵PID:1428
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe45⤵
- Suspicious use of SetThreadContext
PID:2420 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe46⤵PID:2144
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe46⤵
- Suspicious use of SetThreadContext
PID:2504 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe47⤵PID:1612
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe47⤵
- Suspicious use of SetThreadContext
PID:1916 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe48⤵PID:1952
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe48⤵
- Suspicious use of SetThreadContext
PID:2216 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe49⤵PID:2120
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe49⤵
- Suspicious use of SetThreadContext
PID:2476 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe50⤵PID:1772
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe50⤵
- Suspicious use of SetThreadContext
PID:2956 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe51⤵PID:1516
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe51⤵
- Suspicious use of SetThreadContext
PID:620 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe52⤵PID:1664
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe52⤵
- Suspicious use of SetThreadContext
PID:2284 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53⤵PID:2248
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53⤵
- Suspicious use of SetThreadContext
PID:1936 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe54⤵PID:1740
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe54⤵
- Suspicious use of SetThreadContext
PID:920 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe55⤵PID:1888
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe55⤵
- Suspicious use of SetThreadContext
PID:2976 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe56⤵PID:2368
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe56⤵
- Suspicious use of SetThreadContext
PID:1528 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe57⤵PID:2384
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe57⤵
- Suspicious use of SetThreadContext
PID:2740 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe58⤵PID:2824
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe58⤵
- Suspicious use of SetThreadContext
PID:2724 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe59⤵PID:2404
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe59⤵
- Suspicious use of SetThreadContext
PID:2808 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe60⤵PID:2604
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe60⤵
- Suspicious use of SetThreadContext
PID:2784 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe61⤵PID:1544
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe61⤵
- Suspicious use of SetThreadContext
PID:2632 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe62⤵PID:1724
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe62⤵
- Suspicious use of SetThreadContext
PID:1624 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe63⤵PID:372
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe63⤵
- Suspicious use of SetThreadContext
PID:3012 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe64⤵PID:2352
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe64⤵
- Suspicious use of SetThreadContext
PID:2588 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe65⤵PID:264
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe65⤵PID:2944
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe66⤵PID:1976
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe66⤵PID:2220
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe67⤵PID:2232
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe67⤵PID:2788
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe68⤵PID:2940
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe68⤵PID:1480
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe69⤵PID:236
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe69⤵PID:2284
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe70⤵PID:1936
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe70⤵PID:3032
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe71⤵PID:340
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe71⤵PID:2136
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe72⤵PID:1704
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe72⤵PID:1992
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe73⤵PID:2648
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe73⤵PID:1632
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe74⤵PID:760
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe74⤵PID:2764
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe75⤵PID:1628
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe75⤵PID:1020
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe76⤵PID:2132
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe76⤵PID:2712
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe77⤵PID:2892
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe77⤵PID:1620
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe78⤵PID:336
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe78⤵PID:1932
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe79⤵PID:2172
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe79⤵PID:1416
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe80⤵PID:1436
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe80⤵PID:2436
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe81⤵PID:2072
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe81⤵PID:2300
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe82⤵PID:2688
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe82⤵PID:2624
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe83⤵PID:2028
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe83⤵PID:1652
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe84⤵PID:1800
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe84⤵PID:2964
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe85⤵PID:2920
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe85⤵PID:2832
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe86⤵PID:2828
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe86⤵PID:2756
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe87⤵PID:2776
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe87⤵PID:324
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe88⤵PID:1372
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe88⤵PID:1604
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe89⤵PID:2896
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe89⤵PID:2420
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe90⤵PID:2056
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe90⤵PID:2652
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe91⤵PID:1568
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe91⤵PID:1624
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe92⤵PID:1716
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe92⤵PID:2696
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe93⤵PID:2320
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe93⤵PID:1416
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe94⤵PID:2436
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe94⤵PID:776
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe95⤵PID:1920
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe95⤵PID:2968
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe96⤵PID:1956
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe96⤵PID:3068
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe97⤵PID:1380
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe97⤵PID:2284
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe98⤵PID:1072
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe98⤵PID:2708
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe99⤵PID:2740
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe99⤵PID:2924
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe100⤵PID:2316
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe100⤵PID:1636
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe101⤵PID:1700
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe101⤵PID:1684
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe102⤵PID:1620
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe102⤵PID:1308
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe103⤵PID:2560
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe103⤵PID:1868
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe104⤵PID:2500
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe104⤵PID:1256
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe105⤵PID:960
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe105⤵PID:2220
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe106⤵PID:1224
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe106⤵PID:1480
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe107⤵PID:2852
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe107⤵PID:1912
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe108⤵PID:2748
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe108⤵PID:3068
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe109⤵PID:2284
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe109⤵PID:2088
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe110⤵PID:2868
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe110⤵PID:2808
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe111⤵PID:2872
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe111⤵PID:1712
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe112⤵PID:3024
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe112⤵PID:1064
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe113⤵PID:2304
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe113⤵PID:3012
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe114⤵PID:112
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe114⤵PID:2956
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe115⤵PID:3044
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe115⤵PID:1980
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe116⤵PID:1508
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe116⤵PID:3036
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe117⤵PID:2728
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe117⤵PID:1480
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe118⤵PID:1912
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe118⤵PID:1996
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe119⤵PID:1988
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe119⤵PID:1236
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe120⤵PID:1608
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe120⤵PID:2888
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe121⤵PID:1584
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe121⤵PID:956
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe122⤵PID:2944
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-