Analysis
-
max time kernel
150s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64 arch:x86 image:win7-20240704-en locale:en-us os:windows7-x64 system -
submitted
19-07-2024 22:08
Static task
static1
Behavioral task
behavioral1
Sample
5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
-
Size
208KB
-
MD5
5ddf75a92671e6c46a2a7f6159d3d449
-
SHA1
af5a547a775ba089967e5df5ed0cce16e93a061b
-
SHA256
2d3745a243c96f1ce3ae9c5e633ddc38448c07b6b21d8c13fa2a069438c131a7
-
SHA512
439b10878be726281e8c06db93c912e82cbe6e2f7be2596079822fd75a4d396bf4a120bfc7689b1bf669726cfa07f2635c2578f99000a61c66ffcee01c7ce9e6
-
SSDEEP
6144:aWWkASeuhvzekqKrpj4hXIKXzfin3r8itQXH0IdZK2s:GkAS1hLeKFeorzKHBC
Malware Config
Signatures
-
Detect XtremeRAT payload 5 IoCs
resource yara_rule
behavioral1/memory/2044-22-0x0000000000C80000-0x0000000000C96000-memory.dmp family_xtremerat
behavioral1/memory/2044-23-0x0000000000C80000-0x0000000000C96000-memory.dmp family_xtremerat
behavioral1/memory/2044-26-0x0000000000C80000-0x0000000000C96000-memory.dmp family_xtremerat
behavioral1/memory/2356-51-0x0000000000C80000-0x0000000000C96000-memory.dmp family_xtremerat
behavioral1/memory/2356-53-0x0000000000C80000-0x0000000000C96000-memory.dmp family_xtremerat
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
resource yara_rule
behavioral1/memory/2044-18-0x0000000000C80000-0x0000000000C96000-memory.dmp upx
behavioral1/memory/2044-21-0x0000000000C80000-0x0000000000C96000-memory.dmp upx
behavioral1/memory/2044-22-0x0000000000C80000-0x0000000000C96000-memory.dmp upx
behavioral1/memory/2044-23-0x0000000000C80000-0x0000000000C96000-memory.dmp upx
behavioral1/memory/2044-26-0x0000000000C80000-0x0000000000C96000-memory.dmp upx
behavioral1/memory/2356-51-0x0000000000C80000-0x0000000000C96000-memory.dmp upx
behavioral1/memory/2356-53-0x0000000000C80000-0x0000000000C96000-memory.dmp upx
-
Suspicious use of SetThreadContext 52 IoCs
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of SetWindowsHookEx 26 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1908 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe2⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2280 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe3⤵
- Suspicious use of WriteProcessMemory
PID:2044 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2736
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2740
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2772
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2908
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2684
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2652
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2660
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:3060
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"4⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2812 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe5⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2692 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe6⤵PID:2356
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:3000
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2984
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2576
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2308
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2988
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:2568
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:1768
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵PID:1912
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"7⤵
- Suspicious use of SetThreadContext
PID:552 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe8⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:560 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe9⤵PID:1076
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:1100
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:1788
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2084
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:2320
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:1636
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:1440
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:1276
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵PID:1992
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"10⤵
- Suspicious use of SetThreadContext
PID:2336 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe11⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2628 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe12⤵PID:2872
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:2996
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:1088
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:2428
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:2368
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:2216
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:2364
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:2904
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"13⤵PID:2624
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"13⤵
- Suspicious use of SetThreadContext
PID:2232 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe14⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1832 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe15⤵PID:936
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:1844
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:1752
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:288
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:2952
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:1056
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:1456
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:2020
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"16⤵PID:3056
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"16⤵
- Suspicious use of SetThreadContext
PID:612 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe17⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:964 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe18⤵PID:2792
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵PID:1708
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵PID:1920
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵PID:112
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵PID:2220
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵PID:2496
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵PID:2236
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵PID:1236
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"19⤵PID:2972
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"19⤵
- Suspicious use of SetThreadContext
PID:1268 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe20⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2296 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe21⤵PID:1956
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:2460
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:3020
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:3012
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:1596
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:1712
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:1904
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:1908
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"22⤵PID:2284
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"22⤵
- Suspicious use of SetThreadContext
PID:3052 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe23⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1628 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe24⤵PID:2156
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵PID:2176
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵PID:2800
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵PID:2560
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵PID:2864
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵PID:2664
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵PID:2708
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵PID:2572
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"25⤵PID:2756
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"25⤵
- Suspicious use of SetThreadContext
PID:2520 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe26⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2544 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe27⤵PID:2480
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"28⤵PID:1572
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"28⤵PID:1140
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"28⤵PID:1560
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"28⤵PID:1676
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"28⤵PID:2500
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"28⤵PID:2024
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"28⤵PID:1840
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"28⤵PID:1732
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"28⤵
- Suspicious use of SetThreadContext
PID:1848 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe29⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1988 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe30⤵PID:1888
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵PID:1964
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵PID:2724
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵PID:1592
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵PID:2192
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵PID:2080
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵PID:2416
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵PID:2420
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"31⤵PID:2232
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"31⤵
- Suspicious use of SetThreadContext
PID:432 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe32⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:784 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe33⤵PID:2720
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"34⤵PID:1020
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"34⤵PID:1568
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"34⤵PID:1308
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"34⤵PID:1836
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"34⤵PID:1812
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"34⤵PID:2512
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"34⤵PID:1724
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"34⤵PID:988
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"34⤵
- Suspicious use of SetThreadContext
PID:2372 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe35⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:572 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe36⤵PID:3028
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"37⤵PID:2928
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"37⤵PID:888
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"37⤵PID:1756
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"37⤵PID:1412
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"37⤵PID:876
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"37⤵PID:1960
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"37⤵PID:3052
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"37⤵PID:1916
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"37⤵
- Suspicious use of SetThreadContext
PID:2072 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe38⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2140 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe39⤵PID:2828
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"40⤵PID:2592
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"40⤵PID:2980
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"40⤵PID:2392
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"40⤵PID:2116
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"40⤵PID:2316
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"40⤵PID:2504
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"40⤵PID:2600
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"40⤵PID:692
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"40⤵
- Suspicious use of SetThreadContext
PID:2064 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe41⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1152 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe42⤵PID:2336
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"43⤵PID:584
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"43⤵PID:2860
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"43⤵PID:2244
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"43⤵PID:2848
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"43⤵PID:2872
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"43⤵PID:1772
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"43⤵PID:1888
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"43⤵PID:2824
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"43⤵
- Suspicious use of SetThreadContext
PID:948 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe44⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3008 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe45⤵PID:1804
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"46⤵PID:768
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"46⤵PID:1148
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"46⤵PID:2332
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"46⤵PID:928
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"46⤵PID:1948
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"46⤵PID:832
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"46⤵PID:2720
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"46⤵PID:1728
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"46⤵
- Suspicious use of SetThreadContext
PID:2008 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe47⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1928 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe48⤵PID:2144
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"49⤵PID:2960
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"49⤵PID:1760
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"49⤵PID:236
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"49⤵PID:1284
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"49⤵PID:2072
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"49⤵PID:3044
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"49⤵PID:2636
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"49⤵PID:2092
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"49⤵
- Suspicious use of SetThreadContext
PID:2036 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe50⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2632 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe51⤵PID:2548
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"52⤵PID:2300
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"52⤵PID:940
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"52⤵PID:1008
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"52⤵PID:1464
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"52⤵PID:1076
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"52⤵PID:576
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"52⤵PID:524
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"52⤵PID:2712
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"52⤵
- Suspicious use of SetThreadContext
PID:2836 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe53⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:804 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe54⤵PID:1072
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"55⤵PID:900
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"55⤵PID:1380
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"55⤵PID:2136
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"55⤵PID:2584
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"55⤵PID:984
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"55⤵PID:2312
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"55⤵PID:2008
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"55⤵PID:2944
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"55⤵
- Suspicious use of SetThreadContext
PID:1268 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe56⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2196 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe57⤵PID:1168
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"58⤵PID:2644
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"58⤵PID:2156
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"58⤵PID:2780
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"58⤵PID:2696
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"58⤵PID:1488
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"58⤵PID:1944
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"58⤵PID:2224
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"58⤵PID:2524
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"58⤵
- Suspicious use of SetThreadContext
PID:552 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe59⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:672 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe60⤵PID:1688
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"61⤵PID:1544
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"61⤵PID:1632
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"61⤵PID:688
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"61⤵PID:316
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"61⤵PID:936
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"61⤵PID:2384
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"61⤵PID:1972
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"61⤵PID:1268
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"61⤵
- Suspicious use of SetThreadContext
PID:2068 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe62⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2128 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe63⤵PID:2180
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"64⤵PID:1848
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"64⤵PID:308
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"64⤵PID:1480
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"64⤵PID:2616
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"64⤵PID:2336
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"64⤵PID:1112
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"64⤵PID:2408
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"64⤵PID:796
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"64⤵
- Suspicious use of SetThreadContext
PID:592 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe65⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2588 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe66⤵PID:3028
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"67⤵PID:1932
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"67⤵PID:2520
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"67⤵PID:2680
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"67⤵PID:1496
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"67⤵PID:1128
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"67⤵PID:2836
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"67⤵PID:2812
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"67⤵PID:1644
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"67⤵
- Suspicious use of SetThreadContext
PID:516 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe68⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1084 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe69⤵PID:836
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"70⤵PID:2676
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"70⤵PID:592
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"70⤵PID:704
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"70⤵PID:1072
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"70⤵PID:2464
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"70⤵PID:3036
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"70⤵PID:1744
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"70⤵PID:580
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"70⤵
- Suspicious use of SetThreadContext
PID:1784 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe71⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2168 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe72⤵PID:2180
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"73⤵PID:836
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"73⤵PID:1784
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"73⤵PID:628
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"73⤵PID:1688
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"73⤵PID:2932
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"73⤵PID:880
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"73⤵PID:3080
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"73⤵PID:3088
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"73⤵
- Suspicious use of SetThreadContext
PID:3104 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe74⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3112 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe75⤵PID:3184
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"76⤵PID:3232
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"76⤵PID:3244
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"76⤵PID:3256
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"76⤵PID:3264
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"76⤵PID:3276
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"76⤵PID:3284
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"76⤵PID:3296
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"76⤵PID:3304
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"76⤵
- Suspicious use of SetThreadContext
PID:3316 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe77⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3328 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe78⤵PID:3400
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
1KB
MD5 d225596f2f54a23f71046bf01dfbf7d3
SHA1 7b34281395715a63c3f902b0d3a4dba7a876e880
SHA256 2b2b8e85cdc56bf2943c7ac6b6f88d1fc13c1edc52844b2af2a92f38998e3e2b
SHA512 c1791d26644c48287020019aa457bb78332668af1880fe9e8edf5a57824add93949bdd3123baebab6ae3af263b43175363631abc0e8c7cbe8f6be2151aff6099