Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system -
submitted
19-07-2024 22:08
Static task
static1
Behavioral task
behavioral1
Sample
5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
-
Size
208KB
-
MD5
5ddf75a92671e6c46a2a7f6159d3d449
-
SHA1
af5a547a775ba089967e5df5ed0cce16e93a061b
-
SHA256
2d3745a243c96f1ce3ae9c5e633ddc38448c07b6b21d8c13fa2a069438c131a7
-
SHA512
439b10878be726281e8c06db93c912e82cbe6e2f7be2596079822fd75a4d396bf4a120bfc7689b1bf669726cfa07f2635c2578f99000a61c66ffcee01c7ce9e6
-
SSDEEP
6144:aWWkASeuhvzekqKrpj4hXIKXzfin3r8itQXH0IdZK2s:GkAS1hLeKFeorzKHBC
Malware Config
Signatures
-
Detect XtremeRAT payload 7 IoCs
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Checks computer location settings 2 TTPs 29 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation 5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe
-
Suspicious use of SetThreadContext 60 IoCs
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of SetWindowsHookEx 30 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3092 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe2⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3012 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe3⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4300 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:2260
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:1240
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:2160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:3492
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:2172
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:4996
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:1724
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"4⤵PID:1976
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"4⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4556 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe5⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4576 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe6⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:5104 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:2488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:3880
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:2852
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:4616
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:1868
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:1508
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:2288
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"7⤵PID:1632
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"7⤵
- Suspicious use of SetThreadContext
PID:1068 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe8⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3260 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe9⤵
- Checks computer location settings
PID:2344 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:1452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:4548
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:2536
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:4676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:4532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:4204
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:852
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"10⤵PID:940
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"10⤵
- Suspicious use of SetThreadContext
PID:3156 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe11⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:980 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe12⤵
- Checks computer location settings
PID:3796 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:4160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:4316
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:4716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:1184
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:3984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:2416
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:2056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"13⤵PID:2872
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"13⤵
- Suspicious use of SetThreadContext
PID:228 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe14⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3620 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe15⤵
- Checks computer location settings
PID:2996 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"16⤵PID:1628
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"16⤵PID:5012
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"16⤵PID:4740
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"16⤵PID:3092
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"16⤵PID:3924
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"16⤵PID:2868
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"16⤵PID:4152
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"16⤵PID:1712
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"16⤵
- Suspicious use of SetThreadContext
PID:3540 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe17⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4844 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe18⤵
- Checks computer location settings
PID:1292 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"19⤵PID:2400
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"19⤵PID:1644
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"19⤵PID:4980
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"19⤵PID:3760
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"19⤵PID:556
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"19⤵PID:2428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"19⤵PID:4236
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"19⤵PID:3404
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"19⤵
- Suspicious use of SetThreadContext
PID:3048 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe20⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3896 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe21⤵
- Checks computer location settings
PID:1020 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"22⤵PID:2492
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"22⤵PID:1172
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"22⤵PID:4580
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"22⤵PID:1408
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"22⤵PID:512
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"22⤵PID:3892
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"22⤵PID:3476
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"22⤵PID:1684
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"22⤵
- Suspicious use of SetThreadContext
PID:4748 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe23⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:2876 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe24⤵
- Checks computer location settings
PID:544 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"25⤵PID:1588
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"25⤵PID:3772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"25⤵PID:4764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"25⤵PID:3268
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"25⤵PID:3248
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"25⤵PID:3512
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"25⤵PID:1168
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"25⤵PID:4488
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"25⤵
- Suspicious use of SetThreadContext
PID:640 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe26⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1792 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe27⤵
- Checks computer location settings
PID:2384 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"28⤵PID:3164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"28⤵PID:5064
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"28⤵PID:3820
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"28⤵PID:2964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"28⤵PID:4948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"28⤵PID:4988
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"28⤵PID:2620
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"28⤵PID:4968
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"28⤵
- Suspicious use of SetThreadContext
PID:3960 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe29⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4116 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe30⤵
- Checks computer location settings
PID:3728 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"31⤵PID:1384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"31⤵PID:2652
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"31⤵PID:1164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"31⤵PID:4972
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"31⤵PID:2188
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"31⤵PID:1068
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"31⤵PID:1856
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"31⤵PID:4492
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"31⤵
- Suspicious use of SetThreadContext
PID:5072 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe32⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4448 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe33⤵
- Checks computer location settings
PID:4464 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"34⤵PID:2236
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"34⤵PID:2296
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"34⤵PID:4608
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"34⤵PID:2344
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"34⤵PID:860
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"34⤵PID:4260
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"34⤵PID:624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"34⤵PID:3684
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"34⤵
- Suspicious use of SetThreadContext
PID:3916 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe35⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4536 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe36⤵
- Checks computer location settings
PID:1972 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"37⤵PID:4156
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"37⤵PID:4172
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"37⤵PID:4192
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"37⤵PID:4688
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"37⤵PID:1792
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"37⤵PID:772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"37⤵PID:4428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"37⤵PID:4268
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"37⤵
- Suspicious use of SetThreadContext
PID:2208 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe38⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:3584 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe39⤵
- Checks computer location settings
PID:2184 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"40⤵PID:2844
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"40⤵PID:3960
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"40⤵PID:2764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"40⤵PID:2564
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"40⤵PID:3900
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"40⤵PID:3048
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"40⤵PID:4920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"40⤵PID:1292
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"40⤵
- Suspicious use of SetThreadContext
PID:4588 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe41⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4912 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe42⤵
- Checks computer location settings
PID:2316 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"43⤵PID:1276
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"43⤵PID:4604
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"43⤵PID:4748
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"43⤵PID:4504
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"43⤵PID:4784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"43⤵PID:1228
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"43⤵PID:2376
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"43⤵PID:4328
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"43⤵
- Suspicious use of SetThreadContext
PID:544 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe44⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4568 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe45⤵
- Checks computer location settings
PID:2944 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"46⤵PID:468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"46⤵PID:3184
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"46⤵PID:4088
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"46⤵PID:316
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"46⤵PID:1764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"46⤵PID:3280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"46⤵PID:1048
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"46⤵PID:3356
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"46⤵
- Suspicious use of SetThreadContext
PID:3728 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe47⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:796 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe48⤵
- Checks computer location settings
PID:5092 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"49⤵PID:3372
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"49⤵PID:1864
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"49⤵PID:4464
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"49⤵PID:1176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"49⤵PID:3136
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"49⤵PID:4596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"49⤵PID:864
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"49⤵PID:1056
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"49⤵
- Suspicious use of SetThreadContext
PID:5104 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe50⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:5008 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe51⤵
- Checks computer location settings
PID:4184 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"52⤵PID:1028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"52⤵PID:2772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"52⤵PID:1080
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"52⤵PID:3468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"52⤵PID:768
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"52⤵PID:1232
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"52⤵PID:4424
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"52⤵PID:4556
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"52⤵
- Suspicious use of SetThreadContext
PID:4780 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe53⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1904 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe54⤵
- Checks computer location settings
PID:3948 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"55⤵PID:3728
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"55⤵PID:2640
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"55⤵PID:2936
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"55⤵PID:1020
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"55⤵PID:1372
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"55⤵PID:4388
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"55⤵PID:3132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"55⤵PID:2792
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"55⤵
- Suspicious use of SetThreadContext
PID:4540 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe56⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:232 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe57⤵
- Checks computer location settings
PID:4448 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"58⤵PID:3596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"58⤵PID:1968
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"58⤵PID:544
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"58⤵PID:2060
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"58⤵PID:3432
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"58⤵PID:2220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"58⤵PID:4568
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"58⤵PID:3584
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"58⤵
- Suspicious use of SetThreadContext
PID:2000 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe59⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4780 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe60⤵
- Checks computer location settings
PID:4564 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"61⤵PID:3152
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"61⤵PID:4356
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"61⤵PID:3884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"61⤵PID:4344
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"61⤵PID:2476
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"61⤵PID:3832
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"61⤵PID:2252
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"61⤵PID:3464
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"61⤵
- Suspicious use of SetThreadContext
PID:4456 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe62⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1956 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe63⤵
- Checks computer location settings
PID:4184 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"64⤵PID:5072
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"64⤵PID:4984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"64⤵PID:1720
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"64⤵PID:3796
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"64⤵PID:4588
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"64⤵PID:2928
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"64⤵PID:3572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"64⤵PID:1500
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"64⤵
- Suspicious use of SetThreadContext
PID:2944 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe65⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:1460 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe66⤵
- Checks computer location settings
PID:1496 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"67⤵PID:2412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"67⤵PID:5316
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"67⤵PID:5336
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"67⤵PID:5344
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"67⤵PID:5356
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"67⤵PID:5364
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"67⤵PID:5376
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"67⤵PID:5384
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"67⤵
- Suspicious use of SetThreadContext
PID:5408 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe68⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:5424 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe69⤵
- Checks computer location settings
PID:5468 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"70⤵PID:5524
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"70⤵PID:5532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"70⤵PID:5544
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"70⤵PID:5552
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"70⤵PID:5564
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"70⤵PID:5588
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"70⤵PID:5600
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"70⤵PID:5608
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"70⤵
- Suspicious use of SetThreadContext
PID:5632 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe71⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:5652 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe72⤵
- Checks computer location settings
PID:5696 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"73⤵PID:5752
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"73⤵PID:5760
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"73⤵PID:5776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"73⤵PID:5784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"73⤵PID:5796
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"73⤵PID:5804
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"73⤵PID:5816
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"73⤵PID:5824
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"73⤵
- Suspicious use of SetThreadContext
PID:5852 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe74⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:5872 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe75⤵
- Checks computer location settings
PID:5916 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"76⤵PID:6028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"76⤵PID:4280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"76⤵PID:3564
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"76⤵PID:2756
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"76⤵PID:800
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"76⤵PID:4284
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"76⤵PID:4544
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"76⤵PID:2580
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"76⤵
- Suspicious use of SetThreadContext
PID:1148 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe77⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:5412 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe78⤵
- Checks computer location settings
PID:5448 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"79⤵PID:5504
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"79⤵PID:5624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"79⤵PID:5480
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"79⤵PID:5632
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"79⤵PID:5676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"79⤵PID:5716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"79⤵PID:5640
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"79⤵PID:5792
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"79⤵
- Suspicious use of SetThreadContext
PID:5700 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe80⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:5708 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe81⤵
- Checks computer location settings
PID:5908 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"82⤵PID:5256
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"82⤵PID:5288
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"82⤵PID:5224
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"82⤵PID:5328
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"82⤵PID:5172
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"82⤵PID:5244
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"82⤵PID:5156
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"82⤵PID:6044
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"82⤵
- Suspicious use of SetThreadContext
PID:6008 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe83⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:6076 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe84⤵
- Checks computer location settings
PID:4460 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"85⤵PID:5972
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"85⤵PID:3580
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"85⤵PID:6064
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"85⤵PID:5992
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"85⤵PID:4964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"85⤵PID:5860
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"85⤵PID:4288
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"85⤵PID:3452
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"85⤵
- Suspicious use of SetThreadContext
PID:6000 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe86⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:4448 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe87⤵
- Checks computer location settings
PID:5432 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"88⤵PID:5596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"88⤵PID:5436
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"88⤵PID:2572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"88⤵PID:1960
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"88⤵PID:752
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"88⤵PID:5684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"88⤵PID:1428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"88⤵PID:1556
-
-
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe"88⤵
- Suspicious use of SetThreadContext
PID:5840 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe89⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
PID:5700 -
C:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exeC:\Users\Admin\AppData\Local\Temp\5ddf75a92671e6c46a2a7f6159d3d449_JaffaCakes118.exe90⤵PID:5868
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"91⤵PID:5264
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"91⤵PID:3660
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"91⤵PID:3612
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"91⤵PID:5092
-
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
1KB
MD5d225596f2f54a23f71046bf01dfbf7d3
SHA17b34281395715a63c3f902b0d3a4dba7a876e880
SHA2562b2b8e85cdc56bf2943c7ac6b6f88d1fc13c1edc52844b2af2a92f38998e3e2b
SHA512c1791d26644c48287020019aa457bb78332668af1880fe9e8edf5a57824add93949bdd3123baebab6ae3af263b43175363631abc0e8c7cbe8f6be2151aff6099