26fa4754ffdaae53f50fca74d226973451105fb25460d24fa6696eca949370dc

Analysis

max time kernel
149s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 07:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Size

131KB
MD5

854a1aab05c5a3b98d4aa7cee24d56f1
SHA1

a7820daec953b75a4854965d0696398606ebe85a
SHA256

26fa4754ffdaae53f50fca74d226973451105fb25460d24fa6696eca949370dc
SHA512

74c4c06e3c56478e715e0bfebf7370878b12b3b41ca523f3acd9087634a4d8f28e1d4db2b2ebfc5c728cd746a1428b9e18e92ff4f01c909e43f6c51b8a3219b1
SSDEEP

3072:F9joYg1yaWH72jgmdE/Nj1w4Zx1pfYcRZ2v:FboNg72sb/95x1pyv

Score

5^/10

discovery

Malware Config

Signatures

Suspicious use of SetThreadContext 64 IoCs

description	pid	Process	procid_target
PID 1304 set thread context of 3652	1304	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	88
PID 3652 set thread context of 4432	3652	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	89
PID 4432 set thread context of 2316	4432	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	92
PID 2316 set thread context of 1484	2316	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	94
PID 1484 set thread context of 536	1484	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	95
PID 536 set thread context of 4600	536	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	97
PID 4600 set thread context of 936	4600	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	98
PID 936 set thread context of 2064	936	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	100
PID 2064 set thread context of 4628	2064	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	101
PID 4628 set thread context of 1608	4628	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	102
PID 1608 set thread context of 668	1608	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	104
PID 668 set thread context of 768	668	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	105
PID 768 set thread context of 3136	768	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	106
PID 3136 set thread context of 1832	3136	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	107
PID 1832 set thread context of 1232	1832	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	108
PID 1232 set thread context of 1124	1232	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	109
PID 1124 set thread context of 2772	1124	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	110
PID 2772 set thread context of 4360	2772	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	111
PID 4360 set thread context of 2588	4360	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	112
PID 2588 set thread context of 4364	2588	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	113
PID 4364 set thread context of 1352	4364	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	114
PID 1352 set thread context of 2384	1352	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	115
PID 2384 set thread context of 3956	2384	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	116
PID 3956 set thread context of 3392	3956	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	118
PID 3392 set thread context of 5088	3392	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	119
PID 5088 set thread context of 4784	5088	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	120
PID 4784 set thread context of 3396	4784	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	122
PID 3396 set thread context of 4444	3396	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	123
PID 4444 set thread context of 3960	4444	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	124
PID 3960 set thread context of 1120	3960	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	125
PID 1120 set thread context of 1976	1120	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	126
PID 1976 set thread context of 2088	1976	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	127
PID 2088 set thread context of 1704	2088	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	128
PID 1704 set thread context of 3080	1704	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	130
PID 3080 set thread context of 4068	3080	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	131
PID 4068 set thread context of 4928	4068	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	132
PID 4928 set thread context of 652	4928	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	133
PID 652 set thread context of 4956	652	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	134
PID 4956 set thread context of 2172	4956	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	135
PID 2172 set thread context of 4280	2172	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	136
PID 4280 set thread context of 1924	4280	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	137
PID 1924 set thread context of 3420	1924	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	138
PID 3420 set thread context of 3664	3420	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	139
PID 3664 set thread context of 1788	3664	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	140
PID 1788 set thread context of 3484	1788	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	141
PID 3484 set thread context of 1572	3484	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	142
PID 1572 set thread context of 2200	1572	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	143
PID 2200 set thread context of 1964	2200	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	144
PID 1964 set thread context of 4008	1964	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	145
PID 4008 set thread context of 4636	4008	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	146
PID 4636 set thread context of 4332	4636	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	148
PID 4332 set thread context of 4960	4332	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	149
PID 4960 set thread context of 3304	4960	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	150
PID 3304 set thread context of 1864	3304	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	151
PID 1864 set thread context of 4560	1864	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	152
PID 4560 set thread context of 4388	4560	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	153
PID 4388 set thread context of 3448	4388	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	154
PID 3448 set thread context of 4356	3448	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	155
PID 4356 set thread context of 2944	4356	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	156
PID 2944 set thread context of 3904	2944	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	157
PID 3904 set thread context of 3752	3904	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	158
PID 3752 set thread context of 2784	3752	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	159
PID 2784 set thread context of 4436	2784	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	160
PID 4436 set thread context of 1552	4436	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	161

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1304	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
3652	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
4432	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2316	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
1484	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
536	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
4600	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
936	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2064	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
4628	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
1608	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
668	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
768	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
3136	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
1832	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
1232	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
1124	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2772	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
4360	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2588	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
4364	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
1352	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2384	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
3956	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
3392	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
5088	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
4784	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
3396	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
4444	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
3960	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
1120	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
1976	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2088	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
1704	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
3080	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
4068	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
4928	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
652	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
4956	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2172	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
4280	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
1924	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
3420	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
3664	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
1788	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
3484	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
1572	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2200	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
1964	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
4008	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
4636	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
4332	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
4960	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
3304	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
1864	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
4560	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
4388	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
3448	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
4356	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2944	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
3904	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
3752	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
2784	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
4436	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1304 wrote to memory of 3652	1304	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	88
PID 1304 wrote to memory of 3652	1304	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	88
PID 1304 wrote to memory of 3652	1304	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	88
PID 1304 wrote to memory of 3652	1304	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	88
PID 1304 wrote to memory of 3652	1304	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	88
PID 1304 wrote to memory of 3652	1304	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	88
PID 1304 wrote to memory of 3652	1304	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	88
PID 1304 wrote to memory of 3652	1304	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	88
PID 3652 wrote to memory of 4432	3652	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	89
PID 3652 wrote to memory of 4432	3652	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	89
PID 3652 wrote to memory of 4432	3652	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	89
PID 3652 wrote to memory of 4432	3652	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	89
PID 3652 wrote to memory of 4432	3652	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	89
PID 3652 wrote to memory of 4432	3652	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	89
PID 3652 wrote to memory of 4432	3652	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	89
PID 3652 wrote to memory of 4432	3652	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	89
PID 4432 wrote to memory of 2316	4432	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	92
PID 4432 wrote to memory of 2316	4432	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	92
PID 4432 wrote to memory of 2316	4432	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	92
PID 4432 wrote to memory of 2316	4432	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	92
PID 4432 wrote to memory of 2316	4432	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	92
PID 4432 wrote to memory of 2316	4432	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	92
PID 4432 wrote to memory of 2316	4432	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	92
PID 4432 wrote to memory of 2316	4432	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	92
PID 2316 wrote to memory of 1484	2316	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	94
PID 2316 wrote to memory of 1484	2316	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	94
PID 2316 wrote to memory of 1484	2316	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	94
PID 2316 wrote to memory of 1484	2316	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	94
PID 2316 wrote to memory of 1484	2316	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	94
PID 2316 wrote to memory of 1484	2316	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	94
PID 2316 wrote to memory of 1484	2316	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	94
PID 2316 wrote to memory of 1484	2316	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	94
PID 1484 wrote to memory of 536	1484	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	95
PID 1484 wrote to memory of 536	1484	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	95
PID 1484 wrote to memory of 536	1484	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	95
PID 1484 wrote to memory of 536	1484	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	95
PID 1484 wrote to memory of 536	1484	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	95
PID 1484 wrote to memory of 536	1484	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	95
PID 1484 wrote to memory of 536	1484	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	95
PID 1484 wrote to memory of 536	1484	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	95
PID 536 wrote to memory of 4600	536	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	97
PID 536 wrote to memory of 4600	536	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	97
PID 536 wrote to memory of 4600	536	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	97
PID 536 wrote to memory of 4600	536	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	97
PID 536 wrote to memory of 4600	536	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	97
PID 536 wrote to memory of 4600	536	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	97
PID 536 wrote to memory of 4600	536	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	97
PID 536 wrote to memory of 4600	536	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	97
PID 4600 wrote to memory of 936	4600	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	98
PID 4600 wrote to memory of 936	4600	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	98
PID 4600 wrote to memory of 936	4600	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	98
PID 4600 wrote to memory of 936	4600	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	98
PID 4600 wrote to memory of 936	4600	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	98
PID 4600 wrote to memory of 936	4600	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	98
PID 4600 wrote to memory of 936	4600	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	98
PID 4600 wrote to memory of 936	4600	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	98
PID 936 wrote to memory of 2064	936	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	100
PID 936 wrote to memory of 2064	936	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	100
PID 936 wrote to memory of 2064	936	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	100
PID 936 wrote to memory of 2064	936	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	100
PID 936 wrote to memory of 2064	936	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	100
PID 936 wrote to memory of 2064	936	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	100
PID 936 wrote to memory of 2064	936	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	100
PID 936 wrote to memory of 2064	936	854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe	100

C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1304
- C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3652
- - C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
    3⤵
    - Suspicious use of SetThreadContext
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
      4⤵
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        5⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1484
      - C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        6⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        7⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        8⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        9⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        10⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        11⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        12⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        13⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        14⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        15⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        16⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        17⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        18⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        19⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        20⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        21⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        22⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        23⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        24⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        25⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        26⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        27⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        28⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        29⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        30⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        31⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        32⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        33⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        34⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        35⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        36⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        37⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        38⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        39⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        40⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        41⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        42⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        43⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        44⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        45⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        46⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        47⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        48⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        49⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        50⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        51⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        52⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        53⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        54⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        55⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        56⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        57⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        58⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        59⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        60⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        61⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        62⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        63⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        64⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        65⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        66⤵
        System Location Discovery: System Language Discovery
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        67⤵
        System Location Discovery: System Language Discovery
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        68⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        69⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        70⤵
        System Location Discovery: System Language Discovery
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        71⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        72⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        73⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        74⤵
        System Location Discovery: System Language Discovery
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        75⤵
        System Location Discovery: System Language Discovery
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        76⤵
        System Location Discovery: System Language Discovery
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        77⤵
        System Location Discovery: System Language Discovery
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        78⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        79⤵
        System Location Discovery: System Language Discovery
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        80⤵
        System Location Discovery: System Language Discovery
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        81⤵
        System Location Discovery: System Language Discovery
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        82⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        83⤵
        System Location Discovery: System Language Discovery
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        84⤵
        System Location Discovery: System Language Discovery
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        85⤵
        System Location Discovery: System Language Discovery
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        86⤵
        System Location Discovery: System Language Discovery
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        87⤵
        System Location Discovery: System Language Discovery
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        88⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        89⤵
        System Location Discovery: System Language Discovery
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        90⤵
        System Location Discovery: System Language Discovery
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        91⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        92⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        93⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        94⤵
        System Location Discovery: System Language Discovery
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        95⤵
        System Location Discovery: System Language Discovery
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        96⤵
        System Location Discovery: System Language Discovery
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        97⤵
        System Location Discovery: System Language Discovery
        
        PID:724
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        98⤵
        System Location Discovery: System Language Discovery
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        99⤵
        System Location Discovery: System Language Discovery
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        100⤵
        System Location Discovery: System Language Discovery
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        101⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        102⤵
        System Location Discovery: System Language Discovery
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        103⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        104⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        105⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        106⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        107⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        108⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        109⤵
        System Location Discovery: System Language Discovery
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        110⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        111⤵
        System Location Discovery: System Language Discovery
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        112⤵
        System Location Discovery: System Language Discovery
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        113⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\854a1aab05c5a3b98d4aa7cee24d56f1_JaffaCakes118.exe"
        114⤵
        
        PID:912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/456-484-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/536-47-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/536-50-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/652-267-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/668-91-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/668-90-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/768-97-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/768-95-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/936-65-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/936-62-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1120-222-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1124-127-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1128-718-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1232-120-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1304-9-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1304-0-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1352-160-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1376-498-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1484-42-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1484-39-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1484-34-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1520-597-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1552-449-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1572-327-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1608-83-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1608-86-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1656-516-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1788-313-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1788-646-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1832-110-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1832-113-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1904-573-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1948-462-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1964-342-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/1976-227-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2028-539-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2064-71-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2064-69-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2088-236-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2184-627-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2200-335-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2280-559-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2296-524-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2316-31-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2316-29-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2400-752-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2408-619-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2588-147-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2772-134-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2784-435-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2928-605-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/2944-416-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/3012-653-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/3016-510-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/3052-457-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/3132-685-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/3136-106-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/3136-103-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3188-552-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/3232-471-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/3304-374-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/3392-181-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/3396-203-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/3448-402-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/3476-693-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/3480-678-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/3484-320-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/3536-638-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/3548-532-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/3652-6-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/3652-5-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3652-17-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/3652-15-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3652-3-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3664-307-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/3684-491-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/3752-430-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/3904-422-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/3940-772-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/3956-173-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/4008-349-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/4068-612-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/4068-255-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/4272-592-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/4280-288-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/4356-407-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/4360-139-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/4364-153-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/4388-393-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/4432-24-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/4432-21-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4464-544-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/4600-57-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/4600-54-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4600-45-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/4628-77-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4628-79-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/4636-357-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/4784-194-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/4800-701-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/4920-746-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/4928-261-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/4932-766-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/4956-275-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/4976-727-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/5088-189-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/5100-660-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download
memory/5112-739-0x0000000000400000-0x0000000000406ABC-memory.dmp

Filesize
26KB

Download