xtremerat | 1dfae01636f73d6b4fdfee9e19ba37e1a2f6db7efc3b0d69690dc2d68e4a88c7

Analysis

max time kernel
150s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15-01-2025 17:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Size

40KB
MD5

5e0e3ec1a307f22bae37cc7f0ccc5cbe
SHA1

fd851564f2e84e5cc6d5de5ca914c46db568dd60
SHA256

1dfae01636f73d6b4fdfee9e19ba37e1a2f6db7efc3b0d69690dc2d68e4a88c7
SHA512

b4ff21a6bdb97c97ea1842425fcf4661b8f27488f59b5fe37ec7524a634d508b8eebc963a4bd7db81e27a3ef220adeb4efda38cab3ac78d80a27d89477660c33
SSDEEP

768:sE9hghdN12Ozhiow2Gkm6TcB/pBzNBwIldMzoH:su+zMOlw2GkmdB/Bld8oH

Score

10^/10

xtremerat discovery persistence rat spyware

Malware Config

Signatures

Detect XtremeRAT payload 29 IoCs

resource	yara_rule
behavioral2/files/0x0007000000023c8b-2.dat	family_xtremerat
behavioral2/memory/1208-3-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/4400-8-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/4552-13-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/4812-18-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/1436-23-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/2188-28-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/1652-33-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/1208-38-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/5104-43-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/3668-48-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/1596-53-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/3448-58-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/3784-63-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/4136-69-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/4664-74-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/2184-79-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/1432-84-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/3448-90-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/4020-95-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/4308-100-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/3692-105-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/1376-111-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/2176-116-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/2840-120-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/1408-123-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/2196-126-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/3692-129-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/3412-132-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat

XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
persistence spyware rat xtremerat
Xtremerat family
xtremerat

Checks computer location settings 2 TTPs 28 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe

Executes dropped EXE 28 IoCs

pid	Process
4400	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
4552	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
4812	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
1436	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
2188	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
1652	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
1208	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
5104	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
3668	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
1596	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
3448	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
3784	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
4136	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
4664	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
2184	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
1432	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
3448	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
4020	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
4308	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
3692	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
1376	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
2176	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
2840	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
1408	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
2196	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
3692	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
3412	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
4620	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 29 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe

Modifies registry class 28 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1208 wrote to memory of 2948	1208	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	85
PID 1208 wrote to memory of 2948	1208	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	85
PID 1208 wrote to memory of 2948	1208	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	85
PID 1208 wrote to memory of 3136	1208	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	86
PID 1208 wrote to memory of 3136	1208	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	86
PID 1208 wrote to memory of 3136	1208	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	86
PID 1208 wrote to memory of 4612	1208	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	87
PID 1208 wrote to memory of 4612	1208	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	87
PID 1208 wrote to memory of 4612	1208	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	87
PID 1208 wrote to memory of 1352	1208	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	88
PID 1208 wrote to memory of 1352	1208	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	88
PID 1208 wrote to memory of 1352	1208	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	88
PID 1208 wrote to memory of 1404	1208	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	89
PID 1208 wrote to memory of 1404	1208	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	89
PID 1208 wrote to memory of 1404	1208	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	89
PID 1208 wrote to memory of 3176	1208	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	90
PID 1208 wrote to memory of 3176	1208	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	90
PID 1208 wrote to memory of 3176	1208	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	90
PID 1208 wrote to memory of 3396	1208	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	91
PID 1208 wrote to memory of 3396	1208	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	91
PID 1208 wrote to memory of 3396	1208	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	91
PID 1208 wrote to memory of 2568	1208	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	92
PID 1208 wrote to memory of 2568	1208	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	92
PID 1208 wrote to memory of 4400	1208	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	93
PID 1208 wrote to memory of 4400	1208	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	93
PID 1208 wrote to memory of 4400	1208	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	93
PID 4400 wrote to memory of 4476	4400	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	94
PID 4400 wrote to memory of 4476	4400	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	94
PID 4400 wrote to memory of 4476	4400	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	94
PID 4400 wrote to memory of 1936	4400	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	95
PID 4400 wrote to memory of 1936	4400	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	95
PID 4400 wrote to memory of 1936	4400	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	95
PID 4400 wrote to memory of 60	4400	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	96
PID 4400 wrote to memory of 60	4400	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	96
PID 4400 wrote to memory of 60	4400	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	96
PID 4400 wrote to memory of 3928	4400	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	97
PID 4400 wrote to memory of 3928	4400	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	97
PID 4400 wrote to memory of 3928	4400	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	97
PID 4400 wrote to memory of 3408	4400	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	98
PID 4400 wrote to memory of 3408	4400	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	98
PID 4400 wrote to memory of 3408	4400	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	98
PID 4400 wrote to memory of 1756	4400	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	99
PID 4400 wrote to memory of 1756	4400	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	99
PID 4400 wrote to memory of 1756	4400	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	99
PID 4400 wrote to memory of 3708	4400	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	100
PID 4400 wrote to memory of 3708	4400	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	100
PID 4400 wrote to memory of 3708	4400	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	100
PID 4400 wrote to memory of 1476	4400	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	101
PID 4400 wrote to memory of 1476	4400	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	101
PID 4400 wrote to memory of 4552	4400	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	102
PID 4400 wrote to memory of 4552	4400	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	102
PID 4400 wrote to memory of 4552	4400	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	102
PID 4552 wrote to memory of 1244	4552	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	103
PID 4552 wrote to memory of 1244	4552	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	103
PID 4552 wrote to memory of 1244	4552	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	103
PID 4552 wrote to memory of 4860	4552	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	104
PID 4552 wrote to memory of 4860	4552	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	104
PID 4552 wrote to memory of 4860	4552	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	104
PID 4552 wrote to memory of 3112	4552	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	105
PID 4552 wrote to memory of 3112	4552	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	105
PID 4552 wrote to memory of 3112	4552	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	105
PID 4552 wrote to memory of 1648	4552	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	106
PID 4552 wrote to memory of 1648	4552	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	106
PID 4552 wrote to memory of 1648	4552	JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe	106

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:2568
- C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
  "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:4400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:4476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:1936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:60
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:3928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:3408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:1756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:3708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:1476
- - C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:4552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:1244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:4860
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:3112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:1648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:4576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:3596
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:1076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:1548
  - - C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
      "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:4812
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:3164
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:2652
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:2368
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:4236
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:3216
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:3884
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:3120
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        5⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1436
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:212
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:4596
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:4736
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:1804
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:2964
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:1480
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:3244
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        6⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2188
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:508
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:2344
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:1528
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:4100
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:3696
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:3116
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:3440
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        7⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1652
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:4288
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:1064
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:3612
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:4036
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:3948
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:856
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:2940
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        8⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1208
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:2648
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:4528
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:3600
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:3132
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:4156
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:1092
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:2704
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        9⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:5104
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:2512
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:1052
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:4024
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:2788
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:3228
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:2120
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:3916
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        10⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3668
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:804
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:788
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:912
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:4796
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:2680
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:3016
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:696
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        11⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1596
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:2464
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:1620
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:3640
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:4248
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:3672
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:2216
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:4784
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        12⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3448
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:3984
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:2600
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:4052
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:3128
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:3644
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:972
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:4372
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        13⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3784
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:1260
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:3204
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:4608
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:2852
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:396
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:4564
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:4844
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        14⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:4136
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:1812
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:4192
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:4436
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:4732
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:948
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:4088
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:2860
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        15⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:4664
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:4276
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:1592
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:3280
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:1496
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:100
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:3560
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:4916
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        16⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2184
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:3620
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:3628
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:3812
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:4396
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:2684
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:2388
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:384
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        17⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1432
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:4200
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:1400
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:1340
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:4628
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:5116
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:4260
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:4820
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        18⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3448
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:3936
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:2188
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:3732
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:3784
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:2812
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:4040
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:2596
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        19⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:4020
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        20⤵
        
        PID:4284
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        20⤵
        
        PID:3108
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        20⤵
        
        PID:1640
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        20⤵
        
        PID:1508
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        20⤵
        
        PID:3452
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        20⤵
        
        PID:3552
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        20⤵
        
        PID:1748
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        20⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        20⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:4308
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        21⤵
        
        PID:2156
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        21⤵
        
        PID:2832
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        21⤵
        
        PID:4956
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        21⤵
        
        PID:1444
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        21⤵
        
        PID:4148
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        21⤵
        
        PID:464
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        21⤵
        
        PID:2848
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        21⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        21⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3692
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        22⤵
        
        PID:1472
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        22⤵
        
        PID:3224
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        22⤵
        
        PID:852
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        22⤵
        
        PID:3260
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        22⤵
        
        PID:1492
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        22⤵
        
        PID:4104
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        22⤵
        
        PID:740
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        22⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        22⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1376
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        23⤵
        
        PID:2168
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        23⤵
        
        PID:3520
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        23⤵
        
        PID:4828
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        23⤵
        
        PID:916
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        23⤵
        
        PID:2324
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        23⤵
        
        PID:4552
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        23⤵
        
        PID:3516
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        23⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        23⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2176
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        24⤵
        
        PID:1176
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        24⤵
        
        PID:2724
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        24⤵
        
        PID:1524
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        24⤵
        
        PID:392
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        24⤵
        
        PID:4016
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        24⤵
        
        PID:3660
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        24⤵
        
        PID:444
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        24⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        24⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2840
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        25⤵
        
        PID:4924
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        25⤵
        
        PID:3352
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        25⤵
        
        PID:3208
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        25⤵
        
        PID:3888
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        25⤵
        
        PID:3824
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        25⤵
        
        PID:1376
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        25⤵
        
        PID:2436
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        25⤵
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        25⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1408
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        26⤵
        
        PID:4884
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        26⤵
        
        PID:1308
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        26⤵
        
        PID:4728
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        26⤵
        
        PID:4000
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        26⤵
        
        PID:3256
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        26⤵
        
        PID:1912
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        26⤵
        
        PID:1396
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        26⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        26⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2196
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        27⤵
        
        PID:4440
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        27⤵
        
        PID:4984
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        27⤵
        
        PID:3828
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        27⤵
        
        PID:2160
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        27⤵
        
        PID:3148
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        27⤵
        
        PID:2376
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        27⤵
        
        PID:1728
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        27⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        27⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3692
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        28⤵
        
        PID:3532
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        28⤵
        
        PID:2808
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        28⤵
        
        PID:1224
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        28⤵
        
        PID:404
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        28⤵
        
        PID:1096
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        28⤵
        
        PID:1408
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        28⤵
        
        PID:4184
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        28⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        28⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3412
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        29⤵
        
        PID:1784
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        29⤵
        
        PID:512
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        29⤵
        
        PID:4112
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        29⤵
        
        PID:4992
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        29⤵
        
        PID:400
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        29⤵
        
        PID:3668
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        29⤵
        
        PID:3692
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        29⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe"
        29⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4620
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        30⤵
        
        PID:5148
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        30⤵
        
        PID:5164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e0e3ec1a307f22bae37cc7f0ccc5cbe.exe

Filesize
40KB

MD5
5e0e3ec1a307f22bae37cc7f0ccc5cbe

SHA1
fd851564f2e84e5cc6d5de5ca914c46db568dd60

SHA256
1dfae01636f73d6b4fdfee9e19ba37e1a2f6db7efc3b0d69690dc2d68e4a88c7

SHA512
b4ff21a6bdb97c97ea1842425fcf4661b8f27488f59b5fe37ec7524a634d508b8eebc963a4bd7db81e27a3ef220adeb4efda38cab3ac78d80a27d89477660c33

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\lFsfBDAJ.cfg

Filesize
1KB

MD5
ec3a1bf69c182f06b7767d638dd4168a

SHA1
dfb0b9843c90f6a31304dec3d197d2183d076e1d

SHA256
e928fb33de9784d90682c2c38f0da4b11c71cdc2556d54bb482be84f5843253f

SHA512
30bc82477a2204e041d1309a8fa58ebe814b5c66a8636abf1f59f0754052619fb1efcd4020ce5cf48a377ee3d0813fec6ffe710ebdff6e1bdff545121ea64aa7

Download Submit
memory/1208-38-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1208-3-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1376-111-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1408-123-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1432-84-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1436-23-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1596-53-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1652-33-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2176-116-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2184-79-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2188-28-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2196-126-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2840-120-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3412-132-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3448-58-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3448-90-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3668-48-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3692-129-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3692-105-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3784-63-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/4020-95-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/4136-69-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/4308-100-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/4400-8-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/4552-13-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/4664-74-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/4812-18-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/5104-43-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download