Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
17-07-2024 14:59
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe
Resource
win7-20240704-en
5 signatures
150 seconds
Behavioral task
behavioral2
Sample
53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe
Resource
win10v2004-20240709-en
3 signatures
150 seconds
General
-
Target
53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe
-
Size
105KB
-
MD5
53800f3d1109fc8cbfe155f78df4a6bf
-
SHA1
22a3c79bd81965a458fc57d142340f62000e66b4
-
SHA256
b2ef3929aaf74d23dae364d7a402930390338de126ac8a9683bdfadcc91a3c03
-
SHA512
f1a092e18f5e28b7d415373746d0407d978738856300cac177049066cdde446522664e22cfed98bbceb9a93f01fff352e36d1491767d0b2625a1fd9894c15f08
-
SSDEEP
3072:Mgo0sZay/cfysv9wSK4Hkw9jZ5c5XALh:Aazqq9wSK4HkOuNA
Score
5/10
Malware Config
Signatures
-
Suspicious use of SetThreadContext 64 IoCs
Processes:
53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exedescription pid Process procid_target PID 4856 set thread context of 4732 4856 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 87 PID 4732 set thread context of 752 4732 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 89 PID 752 set thread context of 1924 752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 91 PID 1924 set thread context of 3268 1924 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 93 PID 3268 set thread context of 4556 3268 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 96 PID 4556 set thread context of 528 4556 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 98 PID 528 set thread context of 3036 528 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 100 PID 3036 set thread context of 1312 3036 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 104 PID 1312 set thread context of 2212 1312 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 106 PID 2212 set thread context of 2236 2212 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 108 PID 2236 set thread context of 5004 2236 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 110 PID 5004 set thread context of 4448 5004 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 112 PID 4448 set thread context of 3644 4448 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 114 PID 3644 set thread context of 956 3644 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 116 PID 956 set thread context of 4056 956 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 118 PID 4056 set thread context of 3876 4056 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 121 PID 3876 set thread context of 4908 3876 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 124 PID 4908 set thread context of 2176 4908 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 126 PID 2176 set thread context of 2668 2176 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 128 PID 2668 set thread context of 2904 2668 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 130 PID 2904 set thread context of 2368 2904 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 132 PID 2368 set thread context of 4508 2368 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 134 PID 4508 set thread context of 4932 4508 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 136 PID 4932 set thread context of 3636 4932 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 138 PID 3636 set thread context of 396 3636 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 140 PID 396 set thread context of 4836 396 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 142 PID 4836 set thread context of 2196 4836 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 144 PID 2196 set thread context of 1912 2196 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 146 PID 1912 set thread context of 3268 1912 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 148 PID 3268 set thread context of 3000 3268 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 150 PID 3000 set thread context of 2988 3000 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 152 PID 2988 set thread context of 4660 2988 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 154 PID 4660 set thread context of 2644 4660 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 156 PID 2644 set thread context of 3452 2644 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 158 PID 3452 set thread context of 4916 3452 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 160 PID 4916 set thread context of 3188 4916 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 162 PID 3188 set thread context of 5004 3188 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 164 PID 5004 set thread context of 696 5004 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 166 PID 696 set thread context of 2452 696 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 169 PID 2452 set thread context of 5084 2452 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 171 PID 5084 set thread context of 3104 5084 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 173 PID 3104 set thread context of 4992 3104 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 175 PID 4992 set thread context of 3196 4992 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 177 PID 3196 set thread context of 984 3196 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 179 PID 984 set thread context of 4936 984 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 181 PID 4936 set thread context of 1968 4936 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 183 PID 1968 set thread context of 3468 1968 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 185 PID 3468 set thread context of 1848 3468 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 187 PID 1848 set thread context of 5008 1848 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 189 PID 5008 set thread context of 228 5008 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 191 PID 228 set thread context of 436 228 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 193 PID 436 set thread context of 224 436 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 195 PID 224 set thread context of 5052 224 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 197 PID 5052 set thread context of 1076 5052 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 199 PID 1076 set thread context of 1604 1076 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 201 PID 1604 set thread context of 4412 1604 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 203 PID 4412 set thread context of 4640 4412 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 205 PID 4640 set thread context of 820 4640 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 207 PID 820 set thread context of 4292 820 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 209 PID 4292 set thread context of 4428 4292 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 211 PID 4428 set thread context of 3152 4428 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 213 PID 3152 set thread context of 3360 3152 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 216 PID 3360 set thread context of 4256 3360 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 218 PID 4256 set thread context of 2904 4256 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 220 -
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exedescription pid Process Token: SeDebugPrivilege 4856 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 4856 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 4856 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 4732 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 4732 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 4732 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 1924 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 1924 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 1924 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 3268 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 3268 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 3268 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 4556 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 4556 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 4556 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 528 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 528 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 528 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 3036 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 3036 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 3036 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 1312 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 1312 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 1312 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 2212 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 2212 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 2212 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 2236 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 2236 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 2236 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 5004 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 5004 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 5004 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 4448 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 4448 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 4448 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 3644 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 3644 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 3644 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 956 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 956 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 956 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 4056 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 4056 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 4056 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 3876 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 3876 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 3876 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 4908 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 4908 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 4908 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 2176 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 2176 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 2176 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 2668 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 2668 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 2668 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 2904 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: 33 2904 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 2904 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe Token: SeDebugPrivilege 2368 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exedescription pid Process procid_target PID 4856 wrote to memory of 4168 4856 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 85 PID 4856 wrote to memory of 4168 4856 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 85 PID 4856 wrote to memory of 4732 4856 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 87 PID 4856 wrote to memory of 4732 4856 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 87 PID 4856 wrote to memory of 4732 4856 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 87 PID 4856 wrote to memory of 4732 4856 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 87 PID 4856 wrote to memory of 4732 4856 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 87 PID 4856 wrote to memory of 4732 4856 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 87 PID 4856 wrote to memory of 4732 4856 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 87 PID 4856 wrote to memory of 4732 4856 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 87 PID 4856 wrote to memory of 4732 4856 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 87 PID 4856 wrote to memory of 4732 4856 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 87 PID 4856 wrote to memory of 4732 4856 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 87 PID 4732 wrote to memory of 2932 4732 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 88 PID 4732 wrote to memory of 2932 4732 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 88 PID 4732 wrote to memory of 752 4732 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 89 PID 4732 wrote to memory of 752 4732 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 89 PID 4732 wrote to memory of 752 4732 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 89 PID 4732 wrote to memory of 752 4732 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 89 PID 4732 wrote to memory of 752 4732 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 89 PID 4732 wrote to memory of 752 4732 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 89 PID 4732 wrote to memory of 752 4732 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 89 PID 4732 wrote to memory of 752 4732 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 89 PID 4732 wrote to memory of 752 4732 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 89 PID 4732 wrote to memory of 752 4732 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 89 PID 4732 wrote to memory of 752 4732 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 89 PID 752 wrote to memory of 4284 752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 90 PID 752 wrote to memory of 4284 752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 90 PID 752 wrote to memory of 1924 752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 91 PID 752 wrote to memory of 1924 752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 91 PID 752 wrote to memory of 1924 752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 91 PID 752 wrote to memory of 1924 752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 91 PID 752 wrote to memory of 1924 752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 91 PID 752 wrote to memory of 1924 752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 91 PID 752 wrote to memory of 1924 752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 91 PID 752 wrote to memory of 1924 752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 91 PID 752 wrote to memory of 1924 752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 91 PID 752 wrote to memory of 1924 752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 91 PID 752 wrote to memory of 1924 752 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 91 PID 1924 wrote to memory of 4716 1924 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 92 PID 1924 wrote to memory of 4716 1924 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 92 PID 1924 wrote to memory of 3268 1924 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 93 PID 1924 wrote to memory of 3268 1924 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 93 PID 1924 wrote to memory of 3268 1924 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 93 PID 1924 wrote to memory of 3268 1924 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 93 PID 1924 wrote to memory of 3268 1924 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 93 PID 1924 wrote to memory of 3268 1924 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 93 PID 1924 wrote to memory of 3268 1924 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 93 PID 1924 wrote to memory of 3268 1924 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 93 PID 1924 wrote to memory of 3268 1924 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 93 PID 1924 wrote to memory of 3268 1924 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 93 PID 1924 wrote to memory of 3268 1924 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 93 PID 3268 wrote to memory of 2808 3268 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 95 PID 3268 wrote to memory of 2808 3268 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 95 PID 3268 wrote to memory of 4556 3268 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 96 PID 3268 wrote to memory of 4556 3268 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 96 PID 3268 wrote to memory of 4556 3268 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 96 PID 3268 wrote to memory of 4556 3268 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 96 PID 3268 wrote to memory of 4556 3268 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 96 PID 3268 wrote to memory of 4556 3268 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 96 PID 3268 wrote to memory of 4556 3268 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 96 PID 3268 wrote to memory of 4556 3268 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 96 PID 3268 wrote to memory of 4556 3268 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 96 PID 3268 wrote to memory of 4556 3268 53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe 96
Processes
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4856 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe2⤵PID:4168
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe2⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4732 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe3⤵PID:2932
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe3⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:752 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe4⤵PID:4284
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe4⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1924 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe5⤵PID:4716
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe5⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3268 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe6⤵PID:2808
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe6⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:4556 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe7⤵PID:4888
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe7⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:528 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe8⤵PID:4636
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe8⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:3036 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe9⤵PID:2088
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe9⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:1312 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe10⤵PID:5076
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe10⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2212 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe11⤵PID:2076
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe11⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2236 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe12⤵PID:4608
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe12⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:5004 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe13⤵PID:2972
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe13⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:4448 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe14⤵PID:3132
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe14⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:3644 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe15⤵PID:408
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe15⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:956 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe16⤵PID:2976
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe16⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:4056 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe17⤵PID:4088
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe17⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:3876 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe18⤵PID:3084
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe18⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:4908 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe19⤵PID:4796
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe19⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2176 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe20⤵PID:912
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe20⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2668 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe21⤵PID:4876
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe21⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2904 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe22⤵PID:1408
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe22⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2368 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe23⤵PID:724
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe23⤵
- Suspicious use of SetThreadContext
PID:4508 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe24⤵PID:3656
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe24⤵
- Suspicious use of SetThreadContext
PID:4932 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe25⤵PID:1000
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe25⤵
- Suspicious use of SetThreadContext
PID:3636 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe26⤵PID:1488
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe26⤵
- Suspicious use of SetThreadContext
PID:396 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe27⤵PID:4456
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe27⤵
- Suspicious use of SetThreadContext
PID:4836 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe28⤵PID:752
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe28⤵
- Suspicious use of SetThreadContext
PID:2196 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe29⤵PID:4828
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe29⤵
- Suspicious use of SetThreadContext
PID:1912 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe30⤵PID:3312
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe30⤵
- Suspicious use of SetThreadContext
PID:3268 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe31⤵PID:428
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe31⤵
- Suspicious use of SetThreadContext
PID:3000 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe32⤵PID:5088
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe32⤵
- Suspicious use of SetThreadContext
PID:2988 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe33⤵PID:3372
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe33⤵
- Suspicious use of SetThreadContext
PID:4660 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe34⤵PID:2096
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe34⤵
- Suspicious use of SetThreadContext
PID:2644 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe35⤵PID:868
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe35⤵
- Suspicious use of SetThreadContext
PID:3452 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe36⤵PID:1832
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe36⤵
- Suspicious use of SetThreadContext
PID:4916 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe37⤵PID:2512
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe37⤵
- Suspicious use of SetThreadContext
PID:3188 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe38⤵PID:4764
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe38⤵
- Suspicious use of SetThreadContext
PID:5004 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe39⤵PID:4448
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe39⤵
- Suspicious use of SetThreadContext
PID:696 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe40⤵PID:2304
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe40⤵
- Suspicious use of SetThreadContext
PID:2452 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe41⤵PID:1280
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe41⤵
- Suspicious use of SetThreadContext
PID:5084 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe42⤵PID:4928
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe42⤵
- Suspicious use of SetThreadContext
PID:3104 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe43⤵PID:2176
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe43⤵
- Suspicious use of SetThreadContext
PID:4992 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe44⤵PID:4424
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe44⤵
- Suspicious use of SetThreadContext
PID:3196 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe45⤵PID:2080
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe45⤵
- Suspicious use of SetThreadContext
PID:984 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe46⤵PID:4436
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe46⤵
- Suspicious use of SetThreadContext
PID:4936 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe47⤵PID:2604
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe47⤵
- Suspicious use of SetThreadContext
PID:1968 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe48⤵PID:544
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe48⤵
- Suspicious use of SetThreadContext
PID:3468 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe49⤵PID:2232
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe49⤵
- Suspicious use of SetThreadContext
PID:1848 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe50⤵PID:4996
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe50⤵
- Suspicious use of SetThreadContext
PID:5008 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe51⤵PID:3556
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe51⤵
- Suspicious use of SetThreadContext
PID:228 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe52⤵PID:1232
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe52⤵
- Suspicious use of SetThreadContext
PID:436 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53⤵PID:464
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe53⤵
- Suspicious use of SetThreadContext
PID:224 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe54⤵PID:1972
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe54⤵
- Suspicious use of SetThreadContext
PID:5052 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe55⤵PID:3688
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe55⤵
- Suspicious use of SetThreadContext
PID:1076 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe56⤵PID:2040
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe56⤵
- Suspicious use of SetThreadContext
PID:1604 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe57⤵PID:4660
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe57⤵
- Suspicious use of SetThreadContext
PID:4412 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe58⤵PID:2268
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe58⤵
- Suspicious use of SetThreadContext
PID:4640 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe59⤵PID:1520
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe59⤵
- Suspicious use of SetThreadContext
PID:820 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe60⤵PID:4116
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe60⤵
- Suspicious use of SetThreadContext
PID:4292 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe61⤵PID:3764
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe61⤵
- Suspicious use of SetThreadContext
PID:4428 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe62⤵PID:2332
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe62⤵
- Suspicious use of SetThreadContext
PID:3152 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe63⤵PID:2452
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe63⤵
- Suspicious use of SetThreadContext
PID:3360 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe64⤵PID:3716
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe64⤵
- Suspicious use of SetThreadContext
PID:4256 -
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe65⤵PID:1652
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe65⤵PID:2904
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe66⤵PID:524
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe66⤵PID:4368
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe67⤵PID:4508
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe67⤵PID:2524
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe68⤵PID:3728
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe68⤵PID:3536
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe69⤵PID:3288
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe69⤵PID:4932
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe70⤵PID:1188
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe70⤵PID:1936
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe71⤵PID:3008
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe71⤵PID:3336
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe72⤵PID:4328
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe72⤵PID:896
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe73⤵PID:5016
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe73⤵PID:5008
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe74⤵PID:228
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe74⤵PID:4756
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe75⤵PID:4772
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe75⤵PID:4872
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe76⤵PID:2608
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe76⤵PID:1688
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe77⤵PID:2988
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe77⤵PID:632
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe78⤵PID:2160
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe78⤵PID:5000
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe79⤵PID:1708
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe79⤵PID:3924
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe80⤵PID:3676
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe80⤵PID:2100
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe81⤵PID:3528
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe81⤵PID:3444
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe82⤵PID:4496
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe82⤵PID:3272
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe83⤵PID:2380
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe83⤵PID:1672
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe84⤵PID:2216
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe84⤵PID:3044
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe85⤵PID:4068
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe85⤵PID:4844
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe86⤵PID:2668
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe86⤵PID:3892
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe87⤵PID:2404
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe87⤵PID:2368
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe88⤵PID:1676
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe88⤵PID:4932
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe89⤵PID:3864
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe89⤵PID:4160
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe90⤵PID:3296
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe90⤵PID:4944
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe91⤵PID:2980
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe91⤵PID:3040
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe92⤵PID:2308
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe92⤵PID:5052
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe93⤵PID:1076
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe93⤵PID:1340
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe94⤵PID:2992
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe94⤵PID:528
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe95⤵PID:4440
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe95⤵PID:1844
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe96⤵PID:4724
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe96⤵PID:3412
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe97⤵PID:3108
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe97⤵PID:2024
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe98⤵PID:3152
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe98⤵PID:3056
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe99⤵PID:4744
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe99⤵PID:1044
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe100⤵PID:3360
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe100⤵PID:4792
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe101⤵PID:1816
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe101⤵PID:4844
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe102⤵PID:3892
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe102⤵PID:3232
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe103⤵PID:2820
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe103⤵PID:4600
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe104⤵PID:3336
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe104⤵PID:4824
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe105⤵PID:4280
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe105⤵PID:1484
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe106⤵PID:4820
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe106⤵PID:1736
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe107⤵PID:2720
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe107⤵PID:2644
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe108⤵PID:4916
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe108⤵PID:688
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe109⤵PID:2212
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe109⤵PID:3048
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe110⤵PID:220
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe110⤵PID:3380
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe111⤵PID:4064
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe111⤵PID:2236
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe112⤵PID:4408
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe112⤵PID:2704
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe113⤵PID:3328
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe113⤵PID:4596
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe114⤵PID:4364
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe114⤵PID:5020
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe115⤵PID:3432
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe115⤵PID:4304
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe116⤵PID:436
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe116⤵PID:4624
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe117⤵PID:424
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe117⤵PID:3268
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe118⤵PID:5008
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe118⤵PID:1688
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe119⤵PID:2256
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe119⤵PID:4580
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe120⤵PID:512
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe120⤵PID:4832
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe121⤵PID:4144
-
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe121⤵PID:4588
-
C:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\53800f3d1109fc8cbfe155f78df4a6bf_JaffaCakes118.exe122⤵PID:2476
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-