3904f6f8cc9166588d1bff007fab64e4f786a34f5f5ce86d260119d441f30a0f

Analysis

max time kernel
150s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19-07-2024 11:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Size

80KB
MD5

5bc2cc52519eb794d83a59c1c184d20f
SHA1

9f9817ea1ee0a4371376224963a3fb650fb260a8
SHA256

3904f6f8cc9166588d1bff007fab64e4f786a34f5f5ce86d260119d441f30a0f
SHA512

168927d8a34c242bb796f1940102a4c83935fbb529c3c413488962de84db3c051452689ccac5002ae10b23072cc3da6bf3275e5fe62224da1c19f08b9dc7d1b7
SSDEEP

1536:q8DhEUQW0xYOBJyypgmDzVVmctTUybFIe/rUYejxKIjTKOj2:xhZQW0/nyypXtU6FRwjxdKO2

Score

8^/10

evasion persistence privilege_escalation

Malware Config

Signatures

Modifies Windows Firewall 2 TTPs 1 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
2280	netsh.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	sites.google.com
4	sites.google.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1684	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2192	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2976	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2344	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
1988	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
1892	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2928	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2256	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
332	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
968	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2328	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
316	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2380	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
1792	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
852	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2144	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
548	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
1848	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2896	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2924	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2296	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2780	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2560	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2880	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2912	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2292	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
472	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2256	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
332	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
532	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2328	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2676	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
1912	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
1164	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
1364	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
688	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2656	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
1680	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
1684	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2776	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2684	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2312	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
1708	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2124	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
1352	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2712	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2116	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2404	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
3020	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
320	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2120	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2228	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
1548	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
1624	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2412	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
1436	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2796	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
1540	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2284	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
3040	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2824	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
2272	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
1096	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
3024	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1684	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2192	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2976	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2344	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	1988	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	1892	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2928	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2256	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	332	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	968	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2328	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	316	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2380	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	1792	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	852	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2144	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	548	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	1848	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2896	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2924	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2296	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2780	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2560	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2880	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2912	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2292	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	472	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2256	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	332	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	532	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2328	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2676	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	1912	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	1164	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	1364	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	688	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2656	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	1680	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	1684	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2776	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2684	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2312	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	1708	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2124	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	1352	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2712	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2116	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2404	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	3020	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	320	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2120	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2228	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	1548	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	1624	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2412	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	1436	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2796	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	1540	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2284	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	3040	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2824	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	2272	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	1096	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
Token: SeDebugPrivilege	3024	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 2192	1684	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	31
PID 1684 wrote to memory of 2192	1684	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	31
PID 1684 wrote to memory of 2192	1684	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	31
PID 2192 wrote to memory of 2976	2192	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	32
PID 2192 wrote to memory of 2976	2192	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	32
PID 2192 wrote to memory of 2976	2192	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	32
PID 2976 wrote to memory of 2280	2976	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	33
PID 2976 wrote to memory of 2280	2976	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	33
PID 2976 wrote to memory of 2280	2976	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	33
PID 2976 wrote to memory of 2344	2976	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	35
PID 2976 wrote to memory of 2344	2976	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	35
PID 2976 wrote to memory of 2344	2976	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	35
PID 2344 wrote to memory of 1988	2344	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	36
PID 2344 wrote to memory of 1988	2344	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	36
PID 2344 wrote to memory of 1988	2344	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	36
PID 1988 wrote to memory of 1892	1988	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	37
PID 1988 wrote to memory of 1892	1988	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	37
PID 1988 wrote to memory of 1892	1988	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	37
PID 1892 wrote to memory of 2928	1892	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	38
PID 1892 wrote to memory of 2928	1892	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	38
PID 1892 wrote to memory of 2928	1892	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	38
PID 2928 wrote to memory of 2256	2928	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	39
PID 2928 wrote to memory of 2256	2928	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	39
PID 2928 wrote to memory of 2256	2928	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	39
PID 2256 wrote to memory of 332	2256	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	40
PID 2256 wrote to memory of 332	2256	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	40
PID 2256 wrote to memory of 332	2256	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	40
PID 332 wrote to memory of 968	332	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	41
PID 332 wrote to memory of 968	332	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	41
PID 332 wrote to memory of 968	332	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	41
PID 968 wrote to memory of 2328	968	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	42
PID 968 wrote to memory of 2328	968	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	42
PID 968 wrote to memory of 2328	968	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	42
PID 2328 wrote to memory of 316	2328	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	43
PID 2328 wrote to memory of 316	2328	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	43
PID 2328 wrote to memory of 316	2328	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	43
PID 316 wrote to memory of 2380	316	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	44
PID 316 wrote to memory of 2380	316	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	44
PID 316 wrote to memory of 2380	316	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	44
PID 2380 wrote to memory of 1792	2380	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	45
PID 2380 wrote to memory of 1792	2380	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	45
PID 2380 wrote to memory of 1792	2380	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	45
PID 1792 wrote to memory of 852	1792	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	46
PID 1792 wrote to memory of 852	1792	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	46
PID 1792 wrote to memory of 852	1792	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	46
PID 852 wrote to memory of 2144	852	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	47
PID 852 wrote to memory of 2144	852	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	47
PID 852 wrote to memory of 2144	852	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	47
PID 2144 wrote to memory of 548	2144	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	48
PID 2144 wrote to memory of 548	2144	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	48
PID 2144 wrote to memory of 548	2144	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	48
PID 548 wrote to memory of 1848	548	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	49
PID 548 wrote to memory of 1848	548	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	49
PID 548 wrote to memory of 1848	548	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	49
PID 1848 wrote to memory of 2896	1848	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	50
PID 1848 wrote to memory of 2896	1848	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	50
PID 1848 wrote to memory of 2896	1848	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	50
PID 2896 wrote to memory of 2924	2896	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	51
PID 2896 wrote to memory of 2924	2896	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	51
PID 2896 wrote to memory of 2924	2896	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	51
PID 2924 wrote to memory of 2296	2924	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	52
PID 2924 wrote to memory of 2296	2924	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	52
PID 2924 wrote to memory of 2296	2924	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	52
PID 2296 wrote to memory of 2780	2296	5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe	53

C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2192
- - C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
    C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2976
  - - C:\Windows\System32\netsh.exe
      "C:\Windows\System32\netsh.exe" firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe" "5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe" ENABLE
      4⤵
      Modifies Windows Firewall
      Event Triggered Execution: Netsh Helper DLL
      PID:2280
  - - C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        6⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        7⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        8⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        9⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        10⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        11⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        12⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        13⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        14⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        15⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        16⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        17⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        18⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        19⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        20⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        21⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        22⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        23⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        24⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        25⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        26⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        27⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        28⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        29⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        30⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        31⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        32⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        33⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        34⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        35⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        36⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        37⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        38⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        39⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        40⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        41⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        42⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        43⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        44⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        45⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        46⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        47⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        48⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        49⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        50⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        51⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        52⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        53⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        54⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        55⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        56⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        57⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        58⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        59⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        60⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        61⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        62⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        63⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        64⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        65⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        66⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        67⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        68⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        69⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        70⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        71⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        72⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        73⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        74⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        75⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        76⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        77⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        78⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        79⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        80⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        81⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        82⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        83⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        84⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        85⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        86⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        87⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        88⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        89⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        90⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        91⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        92⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        93⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        94⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        95⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        96⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        97⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        98⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        99⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        100⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        101⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        102⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        103⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        104⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        105⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        106⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        107⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        108⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        109⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        110⤵
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        111⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        112⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        113⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        114⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        115⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        116⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        117⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        118⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        119⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        120⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        121⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        122⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        123⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        124⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        125⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        126⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        127⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        128⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        129⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        130⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        131⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        132⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        133⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        134⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        135⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        136⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        137⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        138⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        139⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        140⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        141⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        142⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        143⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        144⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        145⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        146⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        147⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        148⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        149⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        150⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        151⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        152⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        153⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        154⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        155⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        156⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        157⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        158⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        159⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        160⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        161⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        162⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        163⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        164⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        165⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        166⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        167⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        168⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        169⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        170⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        171⤵
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        172⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        173⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        174⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        175⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        176⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        177⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        178⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        179⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        180⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        181⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        182⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        183⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        184⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        185⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        186⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\5bc2cc52519eb794d83a59c1c184d20f_JaffaCakes118.exe
        187⤵
        
        PID:1708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1684-0-0x000007FEF537E000-0x000007FEF537F000-memory.dmp

Filesize
4KB

Download
memory/1684-1-0x0000000000480000-0x0000000000484000-memory.dmp

Filesize
16KB

Download
memory/1684-2-0x0000000000490000-0x000000000049A000-memory.dmp

Filesize
40KB

Download
memory/1684-3-0x000007FEF50C0000-0x000007FEF5A5D000-memory.dmp

Filesize
9.6MB

Download
memory/1684-4-0x000007FEF50C0000-0x000007FEF5A5D000-memory.dmp

Filesize
9.6MB

Download
memory/1684-5-0x000007FEF50C0000-0x000007FEF5A5D000-memory.dmp

Filesize
9.6MB

Download
memory/1684-6-0x000007FEF50C0000-0x000007FEF5A5D000-memory.dmp

Filesize
9.6MB

Download
memory/1684-7-0x000007FEF50C0000-0x000007FEF5A5D000-memory.dmp

Filesize
9.6MB

Download
memory/2192-8-0x000007FEF50C0000-0x000007FEF5A5D000-memory.dmp

Filesize
9.6MB

Download
memory/2192-9-0x000007FEF50C0000-0x000007FEF5A5D000-memory.dmp

Filesize
9.6MB

Download
memory/2192-10-0x000007FEF50C0000-0x000007FEF5A5D000-memory.dmp

Filesize
9.6MB

Download
memory/2192-11-0x000007FEF50C0000-0x000007FEF5A5D000-memory.dmp

Filesize
9.6MB

Download
memory/2192-12-0x000007FEF50C0000-0x000007FEF5A5D000-memory.dmp

Filesize
9.6MB

Download
memory/2192-13-0x000007FEF50C0000-0x000007FEF5A5D000-memory.dmp

Filesize
9.6MB

Download