xtremerat | 1dfae01636f73d6b4fdfee9e19ba37e1a2f6db7efc3b0d69690dc2d68e4a88c7

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15-01-2025 17:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Size

40KB
MD5

5e0e3ec1a307f22bae37cc7f0ccc5cbe
SHA1

fd851564f2e84e5cc6d5de5ca914c46db568dd60
SHA256

1dfae01636f73d6b4fdfee9e19ba37e1a2f6db7efc3b0d69690dc2d68e4a88c7
SHA512

b4ff21a6bdb97c97ea1842425fcf4661b8f27488f59b5fe37ec7524a634d508b8eebc963a4bd7db81e27a3ef220adeb4efda38cab3ac78d80a27d89477660c33
SSDEEP

768:sE9hghdN12Ozhiow2Gkm6TcB/pBzNBwIldMzoH:su+zMOlw2GkmdB/Bld8oH

Score

10^/10

xtremerat discovery persistence rat spyware

Malware Config

Signatures

Detect XtremeRAT payload 32 IoCs

resource	yara_rule
behavioral1/files/0x0008000000016858-2.dat	family_xtremerat
behavioral1/memory/2116-4-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1804-7-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2836-13-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2652-17-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/3036-21-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2764-26-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2684-30-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1784-38-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/468-42-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2296-48-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2464-52-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2548-58-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2776-62-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2864-68-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1520-73-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1928-78-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2272-83-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2548-88-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1044-93-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1840-97-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1516-102-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1380-105-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2368-108-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2708-111-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/3120-114-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/3248-117-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/3376-120-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/3504-123-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/3632-126-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/3764-129-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/3900-132-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat

XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
persistence spyware rat xtremerat
Xtremerat family
xtremerat

Executes dropped EXE 31 IoCs

pid	Process
1804	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
2836	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
2652	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
3036	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
2764	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
2684	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
1784	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
468	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
2296	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
2464	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
2548	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
2776	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
2864	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
1520	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
1928	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
2272	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
2548	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
1044	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
1840	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
1516	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
1380	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
2368	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
2708	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
3120	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
3248	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
3376	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
3504	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
3632	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
3764	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
3900	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
4024	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe

Loads dropped DLL 31 IoCs

pid	Process
2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
1804	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
2836	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
2652	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
3036	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
2764	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
2684	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
1784	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
468	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
2296	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
2464	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
2548	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
2776	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
2864	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
1520	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
1928	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
2272	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
2548	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
1044	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
1840	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
1516	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
1380	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
2368	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
2708	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
3120	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
3248	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
3376	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
3504	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
3632	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
3764	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
3900	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 32 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 1824	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	30
PID 2116 wrote to memory of 1824	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	30
PID 2116 wrote to memory of 1824	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	30
PID 2116 wrote to memory of 1824	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	30
PID 2116 wrote to memory of 1824	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	30
PID 2116 wrote to memory of 1864	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	31
PID 2116 wrote to memory of 1864	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	31
PID 2116 wrote to memory of 1864	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	31
PID 2116 wrote to memory of 1864	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	31
PID 2116 wrote to memory of 1864	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	31
PID 2116 wrote to memory of 2092	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	32
PID 2116 wrote to memory of 2092	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	32
PID 2116 wrote to memory of 2092	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	32
PID 2116 wrote to memory of 2092	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	32
PID 2116 wrote to memory of 2092	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	32
PID 2116 wrote to memory of 2860	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	33
PID 2116 wrote to memory of 2860	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	33
PID 2116 wrote to memory of 2860	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	33
PID 2116 wrote to memory of 2860	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	33
PID 2116 wrote to memory of 2860	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	33
PID 2116 wrote to memory of 1672	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	34
PID 2116 wrote to memory of 1672	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	34
PID 2116 wrote to memory of 1672	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	34
PID 2116 wrote to memory of 1672	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	34
PID 2116 wrote to memory of 1672	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	34
PID 2116 wrote to memory of 2304	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	35
PID 2116 wrote to memory of 2304	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	35
PID 2116 wrote to memory of 2304	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	35
PID 2116 wrote to memory of 2304	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	35
PID 2116 wrote to memory of 2304	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	35
PID 2116 wrote to memory of 1884	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	36
PID 2116 wrote to memory of 1884	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	36
PID 2116 wrote to memory of 1884	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	36
PID 2116 wrote to memory of 1884	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	36
PID 2116 wrote to memory of 1884	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	36
PID 2116 wrote to memory of 2216	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	37
PID 2116 wrote to memory of 2216	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	37
PID 2116 wrote to memory of 2216	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	37
PID 2116 wrote to memory of 2216	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	37
PID 2116 wrote to memory of 1804	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	38
PID 2116 wrote to memory of 1804	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	38
PID 2116 wrote to memory of 1804	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	38
PID 2116 wrote to memory of 1804	2116	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	38
PID 1804 wrote to memory of 2696	1804	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	39
PID 1804 wrote to memory of 2696	1804	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	39
PID 1804 wrote to memory of 2696	1804	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	39
PID 1804 wrote to memory of 2696	1804	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	39
PID 1804 wrote to memory of 2696	1804	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	39
PID 1804 wrote to memory of 2800	1804	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	40
PID 1804 wrote to memory of 2800	1804	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	40
PID 1804 wrote to memory of 2800	1804	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	40
PID 1804 wrote to memory of 2800	1804	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	40
PID 1804 wrote to memory of 2800	1804	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	40
PID 1804 wrote to memory of 2824	1804	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	41
PID 1804 wrote to memory of 2824	1804	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	41
PID 1804 wrote to memory of 2824	1804	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	41
PID 1804 wrote to memory of 2824	1804	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	41
PID 1804 wrote to memory of 2824	1804	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	41
PID 1804 wrote to memory of 2944	1804	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	42
PID 1804 wrote to memory of 2944	1804	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	42
PID 1804 wrote to memory of 2944	1804	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	42
PID 1804 wrote to memory of 2944	1804	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	42
PID 1804 wrote to memory of 2944	1804	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	42
PID 1804 wrote to memory of 2744	1804	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	43

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  PID:1824
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  PID:1864
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  PID:2092
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  PID:2860
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  PID:1672
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  PID:2304
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  PID:1884
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe"
  2⤵
  PID:2216
- C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
  "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1804
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2696
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2800
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2824
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2944
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2744
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2932
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2596
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:1540
- - C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:2836
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2612
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2332
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2844
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2828
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2632
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2832
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2588
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
      "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:2652
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2156
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2476
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:1796
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:644
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:1920
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:732
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:1908
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:1764
    - - C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3036
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2000
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1932
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2432
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1656
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1976
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1892
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1252
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2764
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1436
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1288
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1324
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2472
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1300
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:288
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1772
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2684
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2108
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2524
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1292
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:784
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:484
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2236
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2252
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1784
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:300
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:2572
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:2188
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:1372
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:1532
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:1140
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:1352
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:468
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1564
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1780
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2180
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2980
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2984
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1724
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1012
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2296
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2924
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2552
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1972
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1684
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:708
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1500
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2320
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2464
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2508
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2336
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1168
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1580
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1620
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2536
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2016
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2548
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:2740
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:2780
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:2748
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:2880
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:1804
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:2840
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:2876
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2776
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2836
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1860
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2900
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3052
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2892
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2652
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2688
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2864
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:2884
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:856
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:1344
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:2412
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:2072
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:2896
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:2192
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1520
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2276
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:276
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2196
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:1256
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:448
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2568
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:1660
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1928
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:916
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:1376
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:2428
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:468
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:2960
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:1428
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:2024
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2272
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:1608
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:1512
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:2012
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:2392
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:2912
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:2820
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:2848
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2548
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:2916
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:2496
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:2088
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:1988
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:1924
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:1852
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:2440
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1044
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:1016
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:1276
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:820
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:552
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:1008
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:1648
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:1172
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:496
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1840
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:968
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:1536
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:2124
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:1056
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:3056
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:1928
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:3060
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1516
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:2608
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:940
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:816
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:2084
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:592
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:3024
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:2160
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1380
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:1044
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:1792
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:1748
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:1496
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:2296
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:2640
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:2484
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2368
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:2372
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:1516
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:1584
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:1068
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:564
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:1784
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:2872
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2708
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:2468
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:1004
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:3040
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:2212
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:1036
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:2284
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:3084
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3120
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:3148
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:3160
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:3172
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:3180
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:3192
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:3200
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:3212
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3248
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:3280
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:3288
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:3300
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:3308
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:3320
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:3332
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:3344
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        27⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3376
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:3408
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:3420
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:3432
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:3440
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:3452
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:3460
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:3472
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        28⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3504
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:3536
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:3548
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:3556
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:3568
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:3576
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:3588
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:3596
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        29⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3632
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:3664
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:3676
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:3684
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:3696
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:3704
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:3716
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:3724
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        30⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3764
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:3800
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:3808
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:3820
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:3828
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:3840
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:3848
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:3860
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        31⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3900
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        32⤵
        
        PID:3928
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        32⤵
        
        PID:3940
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        32⤵
        
        PID:3952
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        32⤵
        
        PID:3960
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        32⤵
        
        PID:3972
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        32⤵
        
        PID:3980
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        32⤵
        
        PID:3992
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        32⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        32⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4024
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:4060
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:4072
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:4080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lFsfBDAJ.cfg

Filesize
1KB

MD5
ec3a1bf69c182f06b7767d638dd4168a

SHA1
dfb0b9843c90f6a31304dec3d197d2183d076e1d

SHA256
e928fb33de9784d90682c2c38f0da4b11c71cdc2556d54bb482be84f5843253f

SHA512
30bc82477a2204e041d1309a8fa58ebe814b5c66a8636abf1f59f0754052619fb1efcd4020ce5cf48a377ee3d0813fec6ffe710ebdff6e1bdff545121ea64aa7

Download Submit
\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe

Filesize
40KB

MD5
5e0e3ec1a307f22bae37cc7f0ccc5cbe

SHA1
fd851564f2e84e5cc6d5de5ca914c46db568dd60

SHA256
1dfae01636f73d6b4fdfee9e19ba37e1a2f6db7efc3b0d69690dc2d68e4a88c7

SHA512
b4ff21a6bdb97c97ea1842425fcf4661b8f27488f59b5fe37ec7524a634d508b8eebc963a4bd7db81e27a3ef220adeb4efda38cab3ac78d80a27d89477660c33

Download Submit
memory/468-42-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1044-93-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1380-105-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1516-102-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1520-73-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1784-38-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1804-7-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1840-97-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1928-78-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2116-4-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2272-83-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2296-48-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2368-108-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2464-52-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2548-58-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2548-88-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2652-17-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2684-30-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2708-111-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2764-26-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2776-62-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2836-13-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2864-68-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3036-21-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3120-114-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3248-117-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3376-120-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3504-123-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3632-126-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3764-129-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3900-132-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download