Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system -
submitted
18-07-2024 15:21
Static task
static1
Behavioral task
behavioral1
Sample
57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe
-
Size
794KB
-
MD5
57f3516f894bbbbc8e5db3e5039c39b9
-
SHA1
696579a0255e9b22a9e7fa78f83f849cc33a8de7
-
SHA256
1d12bc425e604295c722ff2bea25e63c6ce3b7bcc9ddbd2ae2311dd734199a60
-
SHA512
f1e6d141b3c65b6a28422c43571c2eaa52fb05433b11f05e3065579629473133c29d4623c7873d69907a770fe57678208d6dcc674cda0156459188c33041c1e9
-
SSDEEP
12288:TeOvpyCRfHsdeU8p0U3Ecr+Oz/l2/nZDcZaj44vqd:Ciy8Hsd+p0CTdzd2/nZDTDG
Malware Config
Extracted
xtremerat
ala.no-ip.biz
Signatures
-
Detect XtremeRAT payload 31 IoCs
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 64 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Processes:
57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe
description: Set value (str)
ioc: \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe restart"
process: 57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe
description: Key created
ioc: \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}
process: 57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe
-
Checks computer location settings 2 TTPs 64 IoCs
Looks up the country code configured in the registry, likely for geofencing.
Processes:
57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe
description: Key value queried
ioc: \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation
process: 57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe
57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation 57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe -
Executes dropped EXE 64 IoCs
Processes:
57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe
-
Molebox Virtualization software 1 IoCs
Detects file using Molebox Virtualization software.
Processes:
resource yara_rule
behavioral2/files/0x0007000000023516-16.dat molebox
-
Processes:
-
Adds Run key to start application 2 TTPs 64 IoCs
Processes:
57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe
description ioc Process
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe" 57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Users\\Admin\\AppData\\Local\\Temp\\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe" 57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
Processes:
svchost.exe
description ioc Process
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ svchost.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"1⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1636 -
C:\Windows\SysWOW64\svchost.exesvchost.exe2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:436 -
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:1960 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:2596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:1648
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5104
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5100
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:1536
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:2952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:620
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:1428
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:4972 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:2204
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:2540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:1956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:2696
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:2504
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:2588
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:1484
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:1776 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:1736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:4320
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:3636
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:1516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:1176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:4984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:2660
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:1616
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"6⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:5008 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:2284
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:3484
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:1504
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:5076
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:3828
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:4232
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:3448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:3668
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"7⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:1860 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:2476
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:4912
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:2440
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:3892
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:4384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:3300
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:372
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:4516
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"8⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:556 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:1964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:4816
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:4892
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:5080
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:1812
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:4928
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:4720
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:344
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"9⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:2808 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:4624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:5140
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:5312
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:5360
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:5388
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:5412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:5440
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:5464
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"10⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:5496 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:5540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:5564
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:5616
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:5688
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:5728
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:5748
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:5764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:5784
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"11⤵
- Executes dropped EXE
PID:5816 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"12⤵PID:5860
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"12⤵PID:5880
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"12⤵PID:5896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"12⤵PID:5968
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:4348 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:3960
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:3876
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4568
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:848
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4024
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:3444
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:2576
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
PID:344 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:2220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:1248
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:2272
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:4512
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:4532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:3492
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:1744
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"5⤵
- Checks computer location settings
- Executes dropped EXE
PID:888 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:4824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:4152
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:2096
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:4032
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:4348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:840
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:4064
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:1056
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"6⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:4520 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:2132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:3700
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:1448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:3412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:3224
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"7⤵
- Executes dropped EXE
- Adds Run key to start application
PID:1612 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:5184
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:1116 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:1212
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:2216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:2552
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:2976
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:2364
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:2520
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4808
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:1448 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:1124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:4936
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:4332
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:3260
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:2092
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:1672
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:4888
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:4640
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:4744 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:4944
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:4608
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:2892
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:888
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:4920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:844
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:3852
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5124
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"6⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:5200 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:5272
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:5352
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:5376
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:5404
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:5428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:5456
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:2180 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:2004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:1588
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:3064
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4584
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:1884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4068
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5228
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:5280 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5340
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5420
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5472
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5556
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5572
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"5⤵
- Executes dropped EXE
PID:5596 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5652
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:5664 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5756
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5792
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5888
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5920
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵
- Executes dropped EXE
- Adds Run key to start application
PID:5944 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5996
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:6008 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6072
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6080
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6092
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6100
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6112
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6120
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6136
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵
- Checks computer location settings
- Executes dropped EXE
PID:1528 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5172
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:4724
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5252
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5296
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5332
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:2608
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:3580
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:5516 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5804
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5928
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5936
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:1988
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:6016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:6088
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"6⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:4508 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:1348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:3880
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:2664
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:5208
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:5220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:5588
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:5640
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:5624
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"7⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
PID:5500 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:4420
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:3240
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:5160 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5268
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:2772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5256
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5308
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:3408
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4732
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5484
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:5304 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5672
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5508
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5856
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5700
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5940
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5992
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5916
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5132
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"5⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2564 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:2276
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
PID:5636 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5524
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5836
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5868
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5680
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5664
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6044
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:5004 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5504
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:2572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:1116
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5604
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5644
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5800
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5048
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵
- Checks computer location settings
- Executes dropped EXE
PID:4804 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:6036
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5284
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5304
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5724
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5148
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5980
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:2908
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:4040
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"5⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:2868 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5536
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:2020
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5152
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:4108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5292
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5584
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:2228
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"6⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:5636 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:4656
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:6012 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5704
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:3680
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5632
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4148
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5820
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5828
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6064
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:2808
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:4168 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5708
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:4592
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5548
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5224
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:4748
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:1520
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:3808
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5580
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:3568 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:3888
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:2940
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:6068
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5840
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:4116
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:4508
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:3652
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:6108
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"6⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:1632 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:5608
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:4524
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:4124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:4224
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:4472
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:6148
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:6168
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"7⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:6192 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:6248
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:6348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:6392
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:6416
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:6444
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:6468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:6500
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:6524
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"8⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:6556 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:6608
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:6736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:6820
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:6844
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:7076
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:6344
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:6552
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:6600
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"9⤵
- Executes dropped EXE
PID:6628 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:6340
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:6632
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:6864
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:6712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:6792
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:6752
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:6308
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:6268
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"10⤵
- Executes dropped EXE
- Adds Run key to start application
PID:1016 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:1704
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:6936
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:6900
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:6284
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:7120
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:6232
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:6760
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:6696
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"11⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:6212 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"12⤵PID:5528
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"12⤵PID:6276
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"12⤵PID:7036
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"12⤵PID:7188
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"12⤵PID:7220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"12⤵PID:7268
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"12⤵PID:7312
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"12⤵PID:7364
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"12⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
PID:7416 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:7460
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:7548
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:7620
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:7776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:7828
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:7864
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:7896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:7936
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"13⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
PID:7976 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"14⤵PID:8028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"14⤵PID:8104
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"14⤵PID:8152
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"14⤵PID:6212
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"14⤵PID:7604
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"14⤵PID:6628
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"14⤵PID:2116
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"14⤵PID:3872
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"14⤵
- Checks computer location settings
PID:7676 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"15⤵PID:1732
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"15⤵PID:8024
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"15⤵PID:8124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"15⤵PID:7760
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"15⤵PID:8092
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"15⤵PID:7564
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"15⤵PID:2948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"15⤵PID:6920
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"15⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Adds Run key to start application
PID:7980 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"16⤵PID:7796
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"16⤵PID:7676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"16⤵PID:7984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"16⤵PID:1824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"16⤵PID:8284
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"16⤵PID:8340
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"16⤵PID:8372
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"16⤵PID:8408
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"16⤵
- Checks computer location settings
- Adds Run key to start application
PID:8448 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"17⤵PID:8496
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"17⤵PID:8568
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"17⤵PID:8620
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"17⤵PID:8708
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"17⤵PID:8784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"17⤵PID:8880
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"17⤵PID:8984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"17⤵PID:9168
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"17⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
PID:7636 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"18⤵PID:2176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"18⤵PID:6728
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"18⤵PID:7348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"18⤵PID:8696
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"18⤵PID:8868
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"18⤵PID:8480
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"18⤵PID:9176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"18⤵PID:6956
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"18⤵
- Boot or Logon Autostart Execution: Active Setup
PID:8556 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"19⤵PID:8752
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"19⤵PID:8760
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"19⤵PID:8820
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"19⤵PID:8964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"19⤵PID:8444
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"19⤵PID:8304
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Executes dropped EXE
PID:4520
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
PID:6032 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:3824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4616
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:2168
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:1976
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4760
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4520
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵
- Executes dropped EXE
PID:3804
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:1016 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:3884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:3568
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6032
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:3360
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6224
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:6272 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:6320
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:6380
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:6408
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:6432
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:6460
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:6488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:6516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:6580
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"5⤵
- Executes dropped EXE
- Adds Run key to start application
PID:6632 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:6680
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
PID:6328 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6372
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6400
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6424
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6480
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6508
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6656
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵
- Checks computer location settings
- Executes dropped EXE
PID:6704 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:6780
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:6828
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:6852
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:7084
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:5480
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:6192
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:6304
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:6700
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"5⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:6776 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:7148
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:6672
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:6764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:6748
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:6976
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:6188
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:5532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:1900
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"6⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Adds Run key to start application
PID:6880 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:7032
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:3692
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:7152
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:6876
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:6544
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:6676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:6280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:7100
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"7⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:7040 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:3660
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:7108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:7196
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:7228
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:7276
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:7332
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:7376
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:7480
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"8⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Adds Run key to start application
PID:7520 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:7580
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:7652
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:7784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:7836
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:7872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:7904
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:7944
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:8036
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"9⤵
- Checks computer location settings
PID:8080 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:8128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:8176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:7512
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:7608
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:7668
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:7732
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:4428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:7724
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"10⤵
- Adds Run key to start application
PID:7964 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:7524
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:7748
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:6940
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:7416
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:7444
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:7172
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"11⤵PID:6996
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"11⤵
- Checks computer location settings
- Adds Run key to start application
PID:1040 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"12⤵PID:8052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"12⤵PID:7804
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"12⤵PID:8220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"12⤵PID:8292
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"12⤵PID:8348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"12⤵PID:8380
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"12⤵PID:8416
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"12⤵PID:8504
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"12⤵
- Checks computer location settings
- Adds Run key to start application
PID:8536 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:8596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:8628
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:8720
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:8792
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:8892
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:9028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:9180
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:8260
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"13⤵
- Boot or Logon Autostart Execution: Active Setup
PID:8200 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"14⤵PID:7980
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"14⤵PID:8524
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"14⤵PID:2244
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"14⤵PID:9036
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
PID:6744 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6804
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6836
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6960
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6204
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6576
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6272
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6328
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵
- Executes dropped EXE
PID:6816
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
PID:6908 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6980
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6724
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6668
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6664
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7116
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6264
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
PID:6932 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6564
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7144
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6892
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4924
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:3180
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:6652
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
PID:7048 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:400
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:7204
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:7236
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:7284
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:7340
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:7404
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:7496
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:7588
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"5⤵
- Adds Run key to start application
PID:7628 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:7692
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Checks computer location settings
- Adds Run key to start application
PID:6312 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7180
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7212
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7260
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7292
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7356
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7612
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
PID:7700 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:7740
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:7820
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:7856
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:7888
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:7928
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:8000
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:8072
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:8144
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
PID:8184 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:7244
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:6220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:7688
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:6312
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:4556
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:3368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:7432
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:7520
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"6⤵
- Checks computer location settings
PID:7716 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:852
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:7632
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:7448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:180
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:1132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:6692
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:7628
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:7532
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"7⤵
- Checks computer location settings
PID:6928 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:7704
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:8252
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:8328
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:8364
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:8396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:8472
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:8560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"8⤵PID:8612
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"8⤵
- Checks computer location settings
- Adds Run key to start application
PID:8652 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:8700
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:8736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:8848
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:8908
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:9152
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:3296
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:8164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"9⤵PID:8404
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"9⤵
- Boot or Logon Autostart Execution: Active Setup
PID:1040 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:6928
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:8768
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
PID:7756 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7808
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7844
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7880
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7916
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7968
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:8044
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:8136
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:1160
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
PID:7396 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:7556
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:7048
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:7672
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:7752
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:7800
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:1604
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:8056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:7700
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"5⤵
- Checks computer location settings
PID:6548 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:1768
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:7952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:2888
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:7712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:7764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:6972
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:7424
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:3132
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"6⤵
- Boot or Logon Autostart Execution: Active Setup
PID:8164 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:8244
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
PID:7504 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7644
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:5908
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:3164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7960
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:8100
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7792
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵
- Adds Run key to start application
PID:6928 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:4856
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:8080
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:8188
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:6260
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:7988
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Adds Run key to start application
PID:8264 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:8316
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:8356
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:8388
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:8424
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:8512
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:8604
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:8672
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:8728
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Adds Run key to start application
PID:8760 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:8824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:8900
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:9112
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:9192
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:6952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:8492
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:6860
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:8300
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"5⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Adds Run key to start application
PID:8264 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:8948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:2368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:8576
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:8432
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:8756
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:9008
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:8836
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:6592
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"6⤵PID:8196
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:3352
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:8008
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Checks computer location settings
- Adds Run key to start application
PID:8816 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:8872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:8916
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:9160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7756
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7504
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:7456
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:8680
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:8800
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵
- Checks computer location settings
- Adds Run key to start application
PID:9052 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:8956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:8240
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:8540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:8668
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:8272
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:8856
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:8932
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:8452
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"5⤵
- Adds Run key to start application
PID:8204 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"6⤵PID:9048
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
PID:8992 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:9204
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:8312
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:8544
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:8776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:8864
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:9024
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:8588
-
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
PID:8440 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:9052
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵PID:3956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵PID:216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵PID:3656
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵PID:4696
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵PID:4536
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵PID:3152
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵PID:4368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"2⤵PID:2260
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"2⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1056 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"3⤵PID:736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"3⤵PID:2548
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"3⤵PID:3228
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"3⤵PID:920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"3⤵PID:1740
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"3⤵PID:4352
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"3⤵PID:2224
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"3⤵PID:4036
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"3⤵
- Boot or Logon Autostart Execution: Active Setup
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4592 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:2800
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4704
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:2656
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:2320
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:1688
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:1512
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:3800
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4828
-
-
C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\57f3516f894bbbbc8e5db3e5039c39b9_JaffaCakes118.exe"4⤵
- Executes dropped EXE
PID:3412 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"5⤵PID:3264
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Downloads