26fa4754ffdaae53f50fca74d226973451105fb25460d24fa6696eca949370dc

Analysis

max time kernel
149s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
10-08-2024 07:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Size

131KB
MD5

854a1aab05c5a3b98d4aa7cee24d56f1
SHA1

a7820daec953b75a4854965d0696398606ebe85a
SHA256

26fa4754ffdaae53f50fca74d226973451105fb25460d24fa6696eca949370dc
SHA512

74c4c06e3c56478e715e0bfebf7370878b12b3b41ca523f3acd9087634a4d8f28e1d4db2b2ebfc5c728cd746a1428b9e18e92ff4f01c909e43f6c51b8a3219b1
SSDEEP

3072:F9joYg1yaWH72jgmdE/Nj1w4Zx1pfYcRZ2v:FboNg72sb/95x1pyv

Score

5^/10

discovery

Malware Config

Signatures

Suspicious use of SetThreadContext 64 IoCs

description	pid	Process	procid_target
PID 2036 set thread context of 2236	2036	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	32
PID 2236 set thread context of 2864	2236	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	33
PID 2864 set thread context of 2848	2864	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	34
PID 2848 set thread context of 2652	2848	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	35
PID 2652 set thread context of 2700	2652	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	36
PID 2700 set thread context of 3008	2700	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	37
PID 3008 set thread context of 2868	3008	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	38
PID 2868 set thread context of 2392	2868	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	39
PID 2392 set thread context of 2552	2392	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	40
PID 2552 set thread context of 2616	2552	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	41
PID 2616 set thread context of 544	2616	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	42
PID 544 set thread context of 644	544	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	43
PID 644 set thread context of 1776	644	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	44
PID 1776 set thread context of 2320	1776	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	45
PID 2320 set thread context of 1488	2320	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	46
PID 1488 set thread context of 1968	1488	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	47
PID 1968 set thread context of 2736	1968	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	48
PID 2736 set thread context of 2908	2736	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	49
PID 2908 set thread context of 2668	2908	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	50
PID 2668 set thread context of 2648	2668	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	51
PID 2648 set thread context of 2528	2648	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	52
PID 2528 set thread context of 2984	2528	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	53
PID 2984 set thread context of 1396	2984	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	54
PID 1396 set thread context of 2372	1396	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	55
PID 2372 set thread context of 1000	2372	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	56
PID 1000 set thread context of 1152	1000	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	57
PID 1152 set thread context of 2032	1152	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	58
PID 2032 set thread context of 1544	2032	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	59
PID 1544 set thread context of 992	1544	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	60
PID 992 set thread context of 1956	992	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	61
PID 1956 set thread context of 2520	1956	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	62
PID 2520 set thread context of 2312	2520	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	63
PID 2312 set thread context of 2784	2312	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	64
PID 2784 set thread context of 2748	2784	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	65
PID 2748 set thread context of 2688	2748	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	66
PID 2688 set thread context of 2356	2688	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	67
PID 2356 set thread context of 2932	2356	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	68
PID 2932 set thread context of 1696	2932	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	69
PID 1696 set thread context of 2068	1696	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	70
PID 2068 set thread context of 2100	2068	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	71
PID 2100 set thread context of 2428	2100	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	72
PID 2428 set thread context of 1092	2428	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	73
PID 1092 set thread context of 936	1092	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	74
PID 936 set thread context of 1708	936	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	75
PID 1708 set thread context of 988	1708	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	76
PID 988 set thread context of 1668	988	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	77
PID 1668 set thread context of 1788	1668	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	78
PID 1788 set thread context of 1572	1788	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	79
PID 1572 set thread context of 2880	1572	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	80
PID 2880 set thread context of 2664	2880	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	81
PID 2664 set thread context of 2768	2664	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	82
PID 2768 set thread context of 2892	2768	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	83
PID 2892 set thread context of 2816	2892	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	84
PID 2816 set thread context of 1272	2816	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	85
PID 1272 set thread context of 2728	1272	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	86
PID 2728 set thread context of 1040	2728	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	87
PID 1040 set thread context of 1360	1040	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	88
PID 1360 set thread context of 848	1360	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	89
PID 848 set thread context of 788	848	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	90
PID 788 set thread context of 920	788	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	91
PID 920 set thread context of 632	920	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	92
PID 632 set thread context of 2252	632	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	93
PID 2252 set thread context of 2980	2252	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	94
PID 2980 set thread context of 2744	2980	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	95

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2036	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2236	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2864	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2848	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2652	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2700	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
3008	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2868	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2392	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2552	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2616	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
544	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
644	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
1776	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2320	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
1488	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
1968	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2736	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2908	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2668	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2648	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2528	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2984	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
1396	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2372	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
1000	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
1152	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2032	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
1544	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
992	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
1956	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2520	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2312	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2784	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2748	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2688	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2356	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2932	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
1696	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2068	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2100	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2428	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
1092	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
936	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
1708	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
988	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
1668	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
1788	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
1572	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2880	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2664	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2768	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2892	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2816	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
1272	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2728	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
1040	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
1360	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
848	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
788	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
920	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
632	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2252	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2980	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 2236	2036	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	32
PID 2036 wrote to memory of 2236	2036	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	32
PID 2036 wrote to memory of 2236	2036	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	32
PID 2036 wrote to memory of 2236	2036	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	32
PID 2036 wrote to memory of 2236	2036	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	32
PID 2036 wrote to memory of 2236	2036	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	32
PID 2036 wrote to memory of 2236	2036	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	32
PID 2036 wrote to memory of 2236	2036	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	32
PID 2236 wrote to memory of 2864	2236	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	33
PID 2236 wrote to memory of 2864	2236	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	33
PID 2236 wrote to memory of 2864	2236	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	33
PID 2236 wrote to memory of 2864	2236	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	33
PID 2236 wrote to memory of 2864	2236	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	33
PID 2236 wrote to memory of 2864	2236	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	33
PID 2236 wrote to memory of 2864	2236	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	33
PID 2236 wrote to memory of 2864	2236	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	33
PID 2864 wrote to memory of 2848	2864	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	34
PID 2864 wrote to memory of 2848	2864	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	34
PID 2864 wrote to memory of 2848	2864	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	34
PID 2864 wrote to memory of 2848	2864	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	34
PID 2864 wrote to memory of 2848	2864	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	34
PID 2864 wrote to memory of 2848	2864	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	34
PID 2864 wrote to memory of 2848	2864	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	34
PID 2864 wrote to memory of 2848	2864	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	34
PID 2848 wrote to memory of 2652	2848	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	35
PID 2848 wrote to memory of 2652	2848	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	35
PID 2848 wrote to memory of 2652	2848	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	35
PID 2848 wrote to memory of 2652	2848	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	35
PID 2848 wrote to memory of 2652	2848	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	35
PID 2848 wrote to memory of 2652	2848	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	35
PID 2848 wrote to memory of 2652	2848	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	35
PID 2848 wrote to memory of 2652	2848	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	35
PID 2652 wrote to memory of 2700	2652	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	36
PID 2652 wrote to memory of 2700	2652	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	36
PID 2652 wrote to memory of 2700	2652	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	36
PID 2652 wrote to memory of 2700	2652	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	36
PID 2652 wrote to memory of 2700	2652	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	36
PID 2652 wrote to memory of 2700	2652	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	36
PID 2652 wrote to memory of 2700	2652	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	36
PID 2652 wrote to memory of 2700	2652	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	36
PID 2700 wrote to memory of 3008	2700	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	37
PID 2700 wrote to memory of 3008	2700	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	37
PID 2700 wrote to memory of 3008	2700	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	37
PID 2700 wrote to memory of 3008	2700	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	37
PID 2700 wrote to memory of 3008	2700	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	37
PID 2700 wrote to memory of 3008	2700	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	37
PID 2700 wrote to memory of 3008	2700	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	37
PID 2700 wrote to memory of 3008	2700	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	37
PID 3008 wrote to memory of 2868	3008	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	38
PID 3008 wrote to memory of 2868	3008	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	38
PID 3008 wrote to memory of 2868	3008	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	38
PID 3008 wrote to memory of 2868	3008	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	38
PID 3008 wrote to memory of 2868	3008	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	38
PID 3008 wrote to memory of 2868	3008	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	38
PID 3008 wrote to memory of 2868	3008	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	38
PID 3008 wrote to memory of 2868	3008	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	38
PID 2868 wrote to memory of 2392	2868	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	39
PID 2868 wrote to memory of 2392	2868	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	39
PID 2868 wrote to memory of 2392	2868	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	39
PID 2868 wrote to memory of 2392	2868	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	39
PID 2868 wrote to memory of 2392	2868	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	39
PID 2868 wrote to memory of 2392	2868	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	39
PID 2868 wrote to memory of 2392	2868	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	39
PID 2868 wrote to memory of 2392	2868	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	39

C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2236
- - C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
    3⤵
    - Suspicious use of SetThreadContext
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
      4⤵
      Suspicious use of SetThreadContext
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        5⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        6⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        7⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        8⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        9⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        10⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        11⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        12⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        13⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        14⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        15⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        16⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        17⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        18⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        19⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        20⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        21⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        22⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        23⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        24⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        25⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        26⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        27⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        28⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        29⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        30⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        31⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        32⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        33⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        34⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        35⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        36⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        37⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        38⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        39⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        40⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        41⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        42⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        43⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        44⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        45⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        46⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        47⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        48⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        49⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        50⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        51⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        52⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        53⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        54⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        55⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        56⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        57⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        58⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        59⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        60⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        61⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        62⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        63⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        64⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        65⤵
        System Location Discovery: System Language Discovery
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        66⤵
        System Location Discovery: System Language Discovery
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        67⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        68⤵
        System Location Discovery: System Language Discovery
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        69⤵
        System Location Discovery: System Language Discovery
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        70⤵
        System Location Discovery: System Language Discovery
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        71⤵
        System Location Discovery: System Language Discovery
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        72⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        73⤵
        System Location Discovery: System Language Discovery
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        74⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        75⤵
        System Location Discovery: System Language Discovery
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        76⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        77⤵
        System Location Discovery: System Language Discovery
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        78⤵
        System Location Discovery: System Language Discovery
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        79⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        80⤵
        System Location Discovery: System Language Discovery
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        81⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        82⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        83⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        84⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        85⤵
        System Location Discovery: System Language Discovery
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        86⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        87⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        88⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        89⤵
        System Location Discovery: System Language Discovery
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        90⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        91⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        92⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        93⤵
        System Location Discovery: System Language Discovery
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        94⤵
        System Location Discovery: System Language Discovery
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        95⤵
        System Location Discovery: System Language Discovery
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        96⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        97⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        98⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        99⤵
        System Location Discovery: System Language Discovery
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        100⤵
        System Location Discovery: System Language Discovery
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        101⤵
        System Location Discovery: System Language Discovery
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        102⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        103⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        104⤵
        System Location Discovery: System Language Discovery
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        105⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        106⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        107⤵
        System Location Discovery: System Language Discovery
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        108⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        109⤵
        System Location Discovery: System Language Discovery
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        110⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        111⤵
        System Location Discovery: System Language Discovery
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        112⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        113⤵
        System Location Discovery: System Language Discovery
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        114⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        115⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        116⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        117⤵
        System Location Discovery: System Language Discovery
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        118⤵
        System Location Discovery: System Language Discovery
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        119⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        120⤵
        System Location Discovery: System Language Discovery
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        121⤵
        System Location Discovery: System Language Discovery
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        122⤵
        System Location Discovery: System Language Discovery
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        123⤵
        System Location Discovery: System Language Discovery
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        124⤵
        System Location Discovery: System Language Discovery
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        125⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        126⤵
        System Location Discovery: System Language Discovery
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        127⤵
        System Location Discovery: System Language Discovery
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        128⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        129⤵
        System Location Discovery: System Language Discovery
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        130⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        131⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        132⤵
        
        PID:1576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/324-1028-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/324-1043-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/324-1037-0x00000000002B0000-0x00000000002B7000-memory.dmp

Filesize
28KB

Download
memory/332-959-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/620-1352-0x0000000000370000-0x0000000000377000-memory.dmp

Filesize
28KB

Download
memory/632-888-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/788-857-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/848-842-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/848-836-0x0000000000360000-0x0000000000367000-memory.dmp

Filesize
28KB

Download
memory/848-829-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/920-859-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/920-869-0x00000000002A0000-0x00000000002A7000-memory.dmp

Filesize
28KB

Download
memory/1000-388-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1040-812-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1092-621-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1092-608-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1196-1000-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1196-988-0x0000000000380000-0x0000000000387000-memory.dmp

Filesize
28KB

Download
memory/1272-784-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1396-361-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1488-242-0x0000000002330000-0x0000000002337000-memory.dmp

Filesize
28KB

Download
memory/1488-247-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1544-428-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1544-423-0x00000000003F0000-0x00000000003F7000-memory.dmp

Filesize
28KB

Download
memory/1544-413-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1676-1221-0x00000000002E0000-0x00000000002E7000-memory.dmp

Filesize
28KB

Download
memory/1676-1220-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1696-566-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1696-554-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1708-644-0x0000000001B90000-0x0000000001B97000-memory.dmp

Filesize
28KB

Download
memory/1776-218-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1776-212-0x00000000003F0000-0x00000000003F7000-memory.dmp

Filesize
28KB

Download
memory/1920-1248-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1956-443-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1968-254-0x00000000003F0000-0x00000000003F7000-memory.dmp

Filesize
28KB

Download
memory/2004-1166-0x00000000003D0000-0x00000000003D7000-memory.dmp

Filesize
28KB

Download
memory/2032-416-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2036-17-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2036-0-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2036-3-0x0000000000500000-0x0000000000507000-memory.dmp

Filesize
28KB

Download
memory/2216-1201-0x00000000002E0000-0x00000000002E7000-memory.dmp

Filesize
28KB

Download
memory/2236-35-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2236-8-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2236-4-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2236-6-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2236-16-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2236-12-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2236-14-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2236-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2236-34-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2252-895-0x00000000004B0000-0x00000000004B7000-memory.dmp

Filesize
28KB

Download
memory/2252-901-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2252-885-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2312-473-0x0000000000480000-0x0000000000487000-memory.dmp

Filesize
28KB

Download
memory/2320-229-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2332-943-0x00000000003E0000-0x00000000003E7000-memory.dmp

Filesize
28KB

Download
memory/2356-526-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2356-527-0x00000000002E0000-0x00000000002E7000-memory.dmp

Filesize
28KB

Download
memory/2372-358-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2376-1085-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2392-134-0x0000000000320000-0x0000000000327000-memory.dmp

Filesize
28KB

Download
memory/2392-147-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2420-1002-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2420-1009-0x0000000000320000-0x0000000000327000-memory.dmp

Filesize
28KB

Download
memory/2428-596-0x00000000003F0000-0x00000000003F7000-memory.dmp

Filesize
28KB

Download
memory/2520-470-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2528-322-0x0000000000390000-0x0000000000397000-memory.dmp

Filesize
28KB

Download
memory/2552-163-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2552-158-0x00000000003E0000-0x00000000003E7000-memory.dmp

Filesize
28KB

Download
memory/2604-1125-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2616-174-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2632-979-0x0000000002410000-0x0000000002417000-memory.dmp

Filesize
28KB

Download
memory/2648-304-0x00000000003F0000-0x00000000003F7000-memory.dmp

Filesize
28KB

Download
memory/2652-70-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2652-84-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2652-82-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2664-724-0x0000000000310000-0x0000000000317000-memory.dmp

Filesize
28KB

Download
memory/2700-88-0x0000000000310000-0x0000000000317000-memory.dmp

Filesize
28KB

Download
memory/2700-104-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2700-87-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2728-797-0x00000000002F0000-0x00000000002F7000-memory.dmp

Filesize
28KB

Download
memory/2736-276-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2736-262-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2768-743-0x0000000000520000-0x0000000000527000-memory.dmp

Filesize
28KB

Download
memory/2768-747-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2808-1145-0x00000000022C0000-0x00000000022C7000-memory.dmp

Filesize
28KB

Download
memory/2844-1307-0x00000000003E0000-0x00000000003E7000-memory.dmp

Filesize
28KB

Download
memory/2848-49-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2848-53-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2848-68-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2848-65-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2864-45-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2864-48-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2868-131-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2880-713-0x00000000002E0000-0x00000000002E7000-memory.dmp

Filesize
28KB

Download
memory/2892-744-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2908-287-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2932-555-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2984-333-0x00000000003F0000-0x00000000003F7000-memory.dmp

Filesize
28KB

Download
memory/2984-332-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/3004-1361-0x0000000000480000-0x0000000000487000-memory.dmp

Filesize
28KB

Download
memory/3008-105-0x00000000003E0000-0x00000000003E7000-memory.dmp

Filesize
28KB

Download
memory/3008-116-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/3012-945-0x0000000000370000-0x0000000000377000-memory.dmp

Filesize
28KB

Download
memory/3012-944-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download