xtremerat | 2c55d206322d315230784f0cc6a5b28425cda0084895b9a219898a5c1360b6ba

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15-01-2025 04:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Size

40KB
MD5

4cb7ac150cd74b3751833451d9d68b33
SHA1

1d8f6f9cabb58b985100f326a9bba8ec080ac2e4
SHA256

2c55d206322d315230784f0cc6a5b28425cda0084895b9a219898a5c1360b6ba
SHA512

1f74ec40f939477ee9c39cda06feab1c2def63ba88b79cd8b234abfb210940821676cdd7a15763027b8d8fe77fa7754b891efd53b7e0b8807926a36b79aa4a17
SSDEEP

768:bE9hghdN12Ozhiow2Gkmd3Iq/4BzNBwIldgzoRn:bu+zMOlw2GkmmqsBldooRn

Score

10^/10

xtremerat discovery persistence rat spyware

Malware Config

Signatures

Detect XtremeRAT payload 32 IoCs

resource	yara_rule
behavioral1/memory/2028-2-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2664-4-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/3016-7-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2984-9-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2700-12-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2864-14-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2416-17-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2904-19-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2184-22-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2968-24-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1828-27-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2004-29-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2176-32-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1640-34-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2980-37-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2752-39-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1444-42-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1148-46-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2460-48-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2376-51-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2088-55-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2960-59-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1608-61-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2664-64-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1608-66-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/3112-69-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/3228-71-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/3336-74-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/3448-76-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/3556-79-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/3668-81-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/3776-84-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat

XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
persistence spyware rat xtremerat
Xtremerat family
xtremerat
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 33 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 880	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	31
PID 2028 wrote to memory of 880	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	31
PID 2028 wrote to memory of 880	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	31
PID 2028 wrote to memory of 880	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	31
PID 2028 wrote to memory of 880	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	31
PID 2028 wrote to memory of 2528	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	32
PID 2028 wrote to memory of 2528	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	32
PID 2028 wrote to memory of 2528	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	32
PID 2028 wrote to memory of 2528	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	32
PID 2028 wrote to memory of 2528	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	32
PID 2028 wrote to memory of 236	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	33
PID 2028 wrote to memory of 236	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	33
PID 2028 wrote to memory of 236	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	33
PID 2028 wrote to memory of 236	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	33
PID 2028 wrote to memory of 236	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	33
PID 2028 wrote to memory of 2548	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	34
PID 2028 wrote to memory of 2548	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	34
PID 2028 wrote to memory of 2548	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	34
PID 2028 wrote to memory of 2548	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	34
PID 2028 wrote to memory of 2548	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	34
PID 2028 wrote to memory of 1652	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	35
PID 2028 wrote to memory of 1652	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	35
PID 2028 wrote to memory of 1652	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	35
PID 2028 wrote to memory of 1652	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	35
PID 2028 wrote to memory of 1652	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	35
PID 2028 wrote to memory of 1632	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	36
PID 2028 wrote to memory of 1632	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	36
PID 2028 wrote to memory of 1632	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	36
PID 2028 wrote to memory of 1632	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	36
PID 2028 wrote to memory of 1632	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	36
PID 2028 wrote to memory of 1164	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	37
PID 2028 wrote to memory of 1164	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	37
PID 2028 wrote to memory of 1164	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	37
PID 2028 wrote to memory of 1164	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	37
PID 2028 wrote to memory of 1164	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	37
PID 2028 wrote to memory of 1692	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	38
PID 2028 wrote to memory of 1692	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	38
PID 2028 wrote to memory of 1692	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	38
PID 2028 wrote to memory of 1692	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	38
PID 2028 wrote to memory of 2664	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	39
PID 2028 wrote to memory of 2664	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	39
PID 2028 wrote to memory of 2664	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	39
PID 2028 wrote to memory of 2664	2028	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	39
PID 2664 wrote to memory of 2844	2664	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	40
PID 2664 wrote to memory of 2844	2664	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	40
PID 2664 wrote to memory of 2844	2664	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	40
PID 2664 wrote to memory of 2844	2664	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	40
PID 2664 wrote to memory of 2844	2664	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	40
PID 2664 wrote to memory of 2852	2664	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	41
PID 2664 wrote to memory of 2852	2664	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	41
PID 2664 wrote to memory of 2852	2664	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	41
PID 2664 wrote to memory of 2852	2664	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	41
PID 2664 wrote to memory of 2852	2664	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	41
PID 2664 wrote to memory of 584	2664	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	42
PID 2664 wrote to memory of 584	2664	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	42
PID 2664 wrote to memory of 584	2664	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	42
PID 2664 wrote to memory of 584	2664	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	42
PID 2664 wrote to memory of 584	2664	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	42
PID 2664 wrote to memory of 1552	2664	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	43
PID 2664 wrote to memory of 1552	2664	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	43
PID 2664 wrote to memory of 1552	2664	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	43
PID 2664 wrote to memory of 1552	2664	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	43
PID 2664 wrote to memory of 1552	2664	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	43
PID 2664 wrote to memory of 2728	2664	JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe	44

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  PID:880
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  PID:2528
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  PID:236
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  PID:2548
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  PID:1652
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  PID:1632
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  PID:1164
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  PID:1692
- C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
  "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2664
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2844
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2852
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:584
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:1552
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2728
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2804
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2788
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2800
- - C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3016
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:3004
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2588
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:1624
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2812
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2696
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2776
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2172
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
      "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2984
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2716
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2748
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2628
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2828
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2580
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2592
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2600
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2700
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2156
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2208
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2148
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2420
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2008
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1088
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1684
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2864
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:772
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1168
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1540
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:340
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:108
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2648
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2920
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2416
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:532
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:348
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1348
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1956
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1936
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1520
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2872
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2904
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:2988
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:2900
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:2756
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:2972
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:2204
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:2200
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:1048
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2184
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2304
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2436
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:676
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:908
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1960
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1980
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:780
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2968
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:960
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:952
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1888
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1572
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1840
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2480
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1844
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1828
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:792
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:612
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1456
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1248
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1584
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1452
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2264
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2004
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:1528
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:2276
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:1612
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:2380
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:1672
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:3044
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:1720
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2176
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2324
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1208
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:988
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2504
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1944
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1872
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2368
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1640
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:2456
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:1512
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:540
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:1488
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:796
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:2992
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:2140
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2980
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2724
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2224
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2448
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2400
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2084
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2452
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2956
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2752
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:2212
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:2984
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:752
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:1812
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:2132
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:2952
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:2568
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1444
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:2640
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:996
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:2136
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:1340
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:2892
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:2256
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:2552
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:1148
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:324
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:3024
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:884
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:844
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:1568
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:1504
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:2464
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:2460
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:1892
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:1420
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:1032
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:2440
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:1008
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:1940
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:2476
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:2376
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:924
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:1508
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:2020
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:2660
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:2028
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:2196
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:2372
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
        21⤵
        System Location Discovery: System Language Discovery
        
        PID:2088
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:2980
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:2624
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:1852
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:2576
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:2752
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:2876
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:1440
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
        22⤵
        System Location Discovery: System Language Discovery
        
        PID:2960
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:824
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:1996
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:1716
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:596
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:1388
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:876
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:328
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
        23⤵
        System Location Discovery: System Language Discovery
        
        PID:1608
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:2708
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:2024
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:1620
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:2948
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:2860
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:1780
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:3060
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
        24⤵
        System Location Discovery: System Language Discovery
        
        PID:2664
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:2968
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:2404
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:852
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:940
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:2924
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:944
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:2672
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
        25⤵
        System Location Discovery: System Language Discovery
        
        PID:1608
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:980
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:1644
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:3016
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:1992
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:1104
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:3080
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:3088
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
        26⤵
        System Location Discovery: System Language Discovery
        
        PID:3112
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:3140
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:3152
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:3164
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:3176
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:3184
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:3196
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:3204
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
        27⤵
        System Location Discovery: System Language Discovery
        
        PID:3228
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:3252
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:3260
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:3272
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:3280
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:3292
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:3300
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:3312
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
        28⤵
        System Location Discovery: System Language Discovery
        
        PID:3336
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:3368
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:3376
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:3388
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:3396
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:3408
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:3416
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:3428
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
        29⤵
        System Location Discovery: System Language Discovery
        
        PID:3448
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:3468
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:3484
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:3492
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:3504
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:3512
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:3524
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:3532
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
        30⤵
        System Location Discovery: System Language Discovery
        
        PID:3556
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:3584
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:3596
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:3604
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:3616
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:3624
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:3636
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:3644
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
        31⤵
        System Location Discovery: System Language Discovery
        
        PID:3668
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        32⤵
        
        PID:3688
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        32⤵
        
        PID:3700
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        32⤵
        
        PID:3716
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        32⤵
        
        PID:3724
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        32⤵
        
        PID:3736
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        32⤵
        
        PID:3744
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        32⤵
        
        PID:3756
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        32⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
        32⤵
        System Location Discovery: System Language Discovery
        
        PID:3776
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:3812
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:3820
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:3832
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:3840
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:3852
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:3860
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:3872
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cb7ac150cd74b3751833451d9d68b33.exe"
        33⤵
        System Location Discovery: System Language Discovery
        
        PID:3892
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        34⤵
        
        PID:3912
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        34⤵
        
        PID:3928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\.cfg

Filesize
1KB

MD5
c9566621c5b603c3f656c9575abbc93e

SHA1
8adc800cbc8d58f69b94c84aa999598e75f8cf74

SHA256
9030e31f07eafb56bcde9715c3d4de3167da1c233b5e5298228c0f08479c897c

SHA512
4074520368c76e846d485133bb388eed3d3aeaa1e4a6693151f9f0e27477f227f6e812fbc77a9686f9cdafe40c39cefbe437d9e00c94fb71f2b8878591aa11a1

Download Submit
memory/1148-46-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1444-42-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1608-66-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1608-61-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1640-34-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1828-27-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2004-29-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2028-2-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2088-55-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2176-32-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2184-22-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2376-51-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2416-17-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2460-48-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2664-64-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2664-4-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2700-12-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2752-39-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2864-14-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2904-19-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2960-59-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2968-24-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2980-37-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2984-9-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3016-7-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3112-69-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3228-71-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3336-74-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3448-76-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3556-79-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3668-81-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3776-84-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download