2160a2fba2efc22751b82cebb9d4ce21dfe35782cfb21bbf512687f413b80e65

Analysis

max time kernel
147s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-09-2024 15:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Size

452KB
MD5

dc83500f11eef58ddbb21c9dd2d17729
SHA1

46b0de105332e090806d5e95f38ee0a33c10ad3b
SHA256

2160a2fba2efc22751b82cebb9d4ce21dfe35782cfb21bbf512687f413b80e65
SHA512

b1289ae61523b0e170a434361e727bf5e0e0043c4596214b4823e6c961ace6a61b796adcbd459cbdcddab3c7d9ff3236ad81a9d88f8a9ca31206a90fb1c127ad
SSDEEP

12288:RH06XwKIhiXX1oJMdqvEu6XFhCQxy1Hex/pKAQb9NsAm:9frX1oJwqvEujh2xiBm

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 64 IoCs

pid	Process
2548	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2548	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2084	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2084	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2700	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2700	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2756	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2756	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2592	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2592	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
672	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
672	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1732	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1732	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1312	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1312	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1964	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1964	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2984	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2984	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1520	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1520	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2772	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2772	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2964	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2964	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1020	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1020	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2152	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2152	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1904	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1904	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1576	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1576	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2524	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2524	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2304	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2304	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
3012	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
3012	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2952	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2952	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2756	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2756	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2616	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2616	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2664	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2664	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
872	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
872	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1732	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1732	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1060	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1060	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2892	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2892	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2232	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2232	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
408	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
408	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1232	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1232	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2240	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2240	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 48 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2548	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2548	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2548	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2548	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2084	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2084	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2084	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2084	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2700	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2700	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2700	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2700	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2756	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2756	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2756	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2756	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2592	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2592	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2592	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2592	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
672	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
672	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
672	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
672	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1732	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1732	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1732	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1732	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1312	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1312	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1312	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1312	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1964	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1964	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1964	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1964	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2984	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2984	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2984	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2984	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1520	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1520	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1520	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1520	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2772	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2772	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2772	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2772	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2964	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2964	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2964	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2964	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1020	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1020	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1020	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1020	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2152	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2152	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2152	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2152	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1904	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1904	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1904	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1904	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe

Suspicious behavior: MapViewOfSection 59 IoCs

pid	Process
2548	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2084	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2700	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2756	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2592	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2592	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
672	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
672	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1732	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1312	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1312	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1964	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2984	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1520	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1520	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2772	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2964	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1020	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2152	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1904	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1576	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2524	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2304	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
3012	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2952	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2952	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2756	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2616	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2664	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
872	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1732	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1060	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2892	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2892	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2232	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
408	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1232	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2240	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
968	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
692	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
556	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
888	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1376	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1376	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2376	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2456	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2860	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2860	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2624	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
2612	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1952	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1236	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1236	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1456	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1456	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1452	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
864	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1752	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
1752	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 2360	2548	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	30
PID 2548 wrote to memory of 2360	2548	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	30
PID 2548 wrote to memory of 2360	2548	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	30
PID 2548 wrote to memory of 2360	2548	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	30
PID 2548 wrote to memory of 2360	2548	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	30
PID 2548 wrote to memory of 2084	2548	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	31
PID 2548 wrote to memory of 2084	2548	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	31
PID 2548 wrote to memory of 2084	2548	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	31
PID 2548 wrote to memory of 2084	2548	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	31
PID 2084 wrote to memory of 2704	2084	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	32
PID 2084 wrote to memory of 2704	2084	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	32
PID 2084 wrote to memory of 2704	2084	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	32
PID 2084 wrote to memory of 2704	2084	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	32
PID 2084 wrote to memory of 2704	2084	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	32
PID 2084 wrote to memory of 2700	2084	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	33
PID 2084 wrote to memory of 2700	2084	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	33
PID 2084 wrote to memory of 2700	2084	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	33
PID 2084 wrote to memory of 2700	2084	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	33
PID 2700 wrote to memory of 2852	2700	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	34
PID 2700 wrote to memory of 2852	2700	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	34
PID 2700 wrote to memory of 2852	2700	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	34
PID 2700 wrote to memory of 2852	2700	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	34
PID 2700 wrote to memory of 2852	2700	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	34
PID 2700 wrote to memory of 2756	2700	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	36
PID 2700 wrote to memory of 2756	2700	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	36
PID 2700 wrote to memory of 2756	2700	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	36
PID 2700 wrote to memory of 2756	2700	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	36
PID 2756 wrote to memory of 2868	2756	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	37
PID 2756 wrote to memory of 2868	2756	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	37
PID 2756 wrote to memory of 2868	2756	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	37
PID 2756 wrote to memory of 2868	2756	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	37
PID 2756 wrote to memory of 2868	2756	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	37
PID 2756 wrote to memory of 2592	2756	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	38
PID 2756 wrote to memory of 2592	2756	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	38
PID 2756 wrote to memory of 2592	2756	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	38
PID 2756 wrote to memory of 2592	2756	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	38
PID 2592 wrote to memory of 2452	2592	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	39
PID 2592 wrote to memory of 2452	2592	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	39
PID 2592 wrote to memory of 2452	2592	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	39
PID 2592 wrote to memory of 2452	2592	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	39
PID 2592 wrote to memory of 2452	2592	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	39
PID 2592 wrote to memory of 672	2592	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	40
PID 2592 wrote to memory of 672	2592	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	40
PID 2592 wrote to memory of 672	2592	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	40
PID 2592 wrote to memory of 672	2592	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	40
PID 672 wrote to memory of 1920	672	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	41
PID 672 wrote to memory of 1920	672	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	41
PID 672 wrote to memory of 1920	672	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	41
PID 672 wrote to memory of 1920	672	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	41
PID 672 wrote to memory of 1920	672	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	41
PID 672 wrote to memory of 1732	672	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	42
PID 672 wrote to memory of 1732	672	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	42
PID 672 wrote to memory of 1732	672	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	42
PID 672 wrote to memory of 1732	672	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	42
PID 1732 wrote to memory of 1568	1732	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	43
PID 1732 wrote to memory of 1568	1732	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	43
PID 1732 wrote to memory of 1568	1732	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	43
PID 1732 wrote to memory of 1568	1732	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	43
PID 1732 wrote to memory of 1568	1732	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	43
PID 1732 wrote to memory of 1312	1732	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	44
PID 1732 wrote to memory of 1312	1732	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	44
PID 1732 wrote to memory of 1312	1732	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	44
PID 1732 wrote to memory of 1312	1732	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	44
PID 1312 wrote to memory of 1988	1312	dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe	45

C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
  2⤵
  PID:2360
- C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
  PID:2084
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
    3⤵
    PID:2704
- - C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    - Suspicious use of WriteProcessMemory
    PID:2700
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
      4⤵
      PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: MapViewOfSection
      Suspicious use of WriteProcessMemory
      PID:2756
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        5⤵
        
        PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        5⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: MapViewOfSection
        Suspicious use of WriteProcessMemory
        
        PID:2592
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        6⤵
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        6⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: MapViewOfSection
        Suspicious use of WriteProcessMemory
        
        PID:672
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        7⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        7⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: MapViewOfSection
        Suspicious use of WriteProcessMemory
        
        PID:1732
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        8⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        8⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: MapViewOfSection
        Suspicious use of WriteProcessMemory
        
        PID:1312
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        9⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        9⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: MapViewOfSection
        
        PID:1964
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        10⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        10⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: MapViewOfSection
        
        PID:2984
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        11⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        11⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: MapViewOfSection
        
        PID:1520
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        12⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        12⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: MapViewOfSection
        
        PID:2772
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        13⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        13⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: MapViewOfSection
        
        PID:2964
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        14⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        14⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: MapViewOfSection
        
        PID:1020
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        15⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        15⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: MapViewOfSection
        
        PID:2152
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        16⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        16⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: MapViewOfSection
        
        PID:1904
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        17⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        17⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        
        PID:1576
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        18⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        18⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        
        PID:2524
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        19⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        19⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        
        PID:2304
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        20⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        20⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        
        PID:3012
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        21⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        21⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        
        PID:2952
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        22⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        22⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        
        PID:2756
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        23⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        23⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        
        PID:2616
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        24⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        24⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        
        PID:2664
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        25⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        25⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        
        PID:872
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        26⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        26⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        
        PID:1732
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        27⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        27⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        
        PID:1060
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        28⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        28⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        
        PID:2892
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        29⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        29⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        
        PID:2232
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        30⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        30⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        
        PID:408
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        31⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        31⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        
        PID:1232
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        32⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        32⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        
        PID:2240
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        33⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        33⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        
        PID:968
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        34⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        34⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        
        PID:692
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        35⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        35⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        
        PID:556
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        36⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        36⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        
        PID:888
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        37⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        37⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        
        PID:1376
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        38⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        38⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        
        PID:2376
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        39⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        39⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        
        PID:2456
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        40⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        40⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        
        PID:2860
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        41⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        41⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        
        PID:2624
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        42⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        42⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        
        PID:2612
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        43⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        43⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        
        PID:1952
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        44⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        44⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        
        PID:1236
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        45⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        45⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        
        PID:1456
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        46⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        46⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        
        PID:1452
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        47⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        47⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        
        PID:864
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        48⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        48⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        
        PID:1752
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dc83500f11eef58ddbb21c9dd2d17729_JaffaCakes118.exe"
        49⤵
        
        PID:1720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\mybuttxxxt.xff

Filesize
128KB

MD5
6b30fc0faa10a1d25a79be1ac6f6d12d

SHA1
fce2af3513d4c191eb2128411284bf6bb4b0457f

SHA256
c64ac6e9c605eafe5c5223cf7d7f215d553cc3414c29ac5c011b144987ca3794

SHA512
16495ea4bad809da44240e6b7f8c2a0cf6e33cf8092bcaab7cfd3d3fa20debade39402c36ada51b845f3afda5b07268cfc6e959da7abf69bf004f1de21c2c06b

Download Submit
C:\Users\Admin\AppData\Local\Temp\mybuttxxxt.xff

Filesize
395KB

MD5
fab8080f79362b1ee8439686b6362c81

SHA1
051216d918734d447a11c92dc1df297bab7fc9f9

SHA256
09ca4092c88681c26d4ef899333913d078e9bd33c5ff86d4ae245c67f5361ddf

SHA512
c2247e2e5793207be1f1d8e9343894c25f9f74ec7b9e59bd5c62dc2ebfb2d9e145ab6fef2e9c817843d074f0cc78c594c21cd1ea390eb40b6d7ef3e4d725ad5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\mybuttxxxt.xff

Filesize
192KB

MD5
1551d6ff8c3f7be2edd37241a2236ea7

SHA1
5c40f60939fdaf5f9f119b742f200076e29633de

SHA256
f3c42a3fce94d6c00ecbfa43eaad4a6b60872d4aed77c92a23348c67449bfa53

SHA512
be339bee6472c0ccac16afef2d491bd9b0b2992f3079b1b1fb6bf6d6223fdc15de4eaee7dba027afd1ccbfb5522e0f078a52f5546cfe4c825597600aa21c3fcc

Download Submit
\Users\Admin\AppData\Local\Temp\jy2091qep.dll

Filesize
18KB

MD5
a393df2af4708ff2592687ff4ee343b9

SHA1
19b5212fc5dbd673f7e4f78c52b6c0ea33121d85

SHA256
eea2ac27c7db126176b9cbf245328c9acb06665995f1212cc28792304ca3f6f5

SHA512
b960e1ad593a17d94cacec2ef4e30c1b17b69469e3f1a0b26d992dce1ef697078a466bd1bde5779373bae6ff5b35c39a13f818c03c4a3a3eacda051b44ea0491

Download Submit
\Users\Admin\AppData\Local\Temp\nsjB29E.tmp\System.dll

Filesize
11KB

MD5
fccff8cb7a1067e23fd2e2b63971a8e1

SHA1
30e2a9e137c1223a78a0f7b0bf96a1c361976d91

SHA256
6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e

SHA512
f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c

Download Submit
memory/1020-188-0x0000000010000000-0x0000000010007000-memory.dmp

Filesize
28KB

Download
memory/1732-95-0x0000000010000000-0x0000000010007000-memory.dmp

Filesize
28KB

Download
memory/1964-122-0x0000000010000000-0x0000000010007000-memory.dmp

Filesize
28KB

Download
memory/2084-26-0x0000000010000000-0x0000000010007000-memory.dmp

Filesize
28KB

Download
memory/2548-12-0x0000000010000000-0x0000000010007000-memory.dmp

Filesize
28KB

Download
memory/2548-11-0x0000000010000000-0x0000000010007000-memory.dmp

Filesize
28KB

Download
memory/2592-68-0x0000000010000000-0x0000000010007000-memory.dmp

Filesize
28KB

Download
memory/2756-54-0x0000000010000000-0x0000000010007000-memory.dmp

Filesize
28KB

Download
memory/2756-53-0x0000000010000000-0x0000000010007000-memory.dmp

Filesize
28KB

Download