xtremerat | f42f197b3b18e005a22c9da207b9329f8652a04dfee4763e8511d25956a88f14

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-02-2025 21:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Size

220KB
MD5

8110306b61afb2a417be0444fa176a4b
SHA1

ca4408bf8b77d60f0dae1af90f35cff18b37f225
SHA256

f42f197b3b18e005a22c9da207b9329f8652a04dfee4763e8511d25956a88f14
SHA512

907d5af61fe187ad563e1e07d374973050eb094823dcf1486271f3e6f5de34e55826b42a0a285f7e024b2a4b931ec0efc33626b42f2d0778ae799a96b7ad3a34
SSDEEP

1536:BLabUUGudow0LdaYquDdO+1KdM0mDw7jFd+npdMX/bcd91ERDIvbUUGudow0Ldav:ENow0LdEWrpY+npiX/K1EhIBNow0Ld

Score

10^/10

xtremerat discovery persistence rat spyware upx

Malware Config

Signatures

Detect XtremeRAT payload 5 IoCs

resource	yara_rule
behavioral1/memory/2248-5-0x0000000000C80000-0x0000000000C95000-memory.dmp	family_xtremerat
behavioral1/memory/2248-6-0x0000000000C80000-0x0000000000C95000-memory.dmp	family_xtremerat
behavioral1/memory/2248-9-0x0000000000C80000-0x0000000000C95000-memory.dmp	family_xtremerat
behavioral1/memory/2080-16-0x0000000000C80000-0x0000000000C95000-memory.dmp	family_xtremerat
behavioral1/memory/2080-20-0x0000000000C80000-0x0000000000C95000-memory.dmp	family_xtremerat

XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
persistence spyware rat xtremerat
Xtremerat family
xtremerat

Suspicious use of SetThreadContext 33 IoCs

description	pid	Process	procid_target
PID 3016 set thread context of 2248	3016	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	30
PID 1832 set thread context of 2080	1832	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	40
PID 2892 set thread context of 2624	2892	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	50
PID 1256 set thread context of 468	1256	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	61
PID 1368 set thread context of 316	1368	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	71
PID 2496 set thread context of 756	2496	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	81
PID 2404 set thread context of 2352	2404	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	91
PID 1132 set thread context of 2208	1132	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	101
PID 708 set thread context of 1340	708	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	111
PID 2160 set thread context of 2512	2160	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	121
PID 1660 set thread context of 1656	1660	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	131
PID 2384 set thread context of 2168	2384	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	141
PID 2608 set thread context of 2736	2608	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	151
PID 2660 set thread context of 2612	2660	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	161
PID 1008 set thread context of 1400	1008	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	171
PID 2380 set thread context of 2576	2380	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	181
PID 2864 set thread context of 2812	2864	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	191
PID 1300 set thread context of 1784	1300	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	201
PID 1800 set thread context of 560	1800	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	211
PID 944 set thread context of 612	944	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	221
PID 3148 set thread context of 3164	3148	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	231
PID 3284 set thread context of 3300	3284	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	241
PID 3412 set thread context of 3428	3412	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	251
PID 3548 set thread context of 3564	3548	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	261
PID 3680 set thread context of 3696	3680	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	271
PID 3824 set thread context of 3840	3824	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	281
PID 3952 set thread context of 3968	3952	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	291
PID 4088 set thread context of 3092	4088	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	301
PID 3368 set thread context of 3336	3368	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	311
PID 3708 set thread context of 3664	3708	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	321
PID 4052 set thread context of 1344	4052	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	331
PID 3704 set thread context of 3784	3704	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	341
PID 3692 set thread context of 3716	3692	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	351

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2248-2-0x0000000000C80000-0x0000000000C95000-memory.dmp	upx
behavioral1/memory/2248-5-0x0000000000C80000-0x0000000000C95000-memory.dmp	upx
behavioral1/memory/2248-6-0x0000000000C80000-0x0000000000C95000-memory.dmp	upx
behavioral1/memory/2248-4-0x0000000000C80000-0x0000000000C95000-memory.dmp	upx
behavioral1/memory/2248-9-0x0000000000C80000-0x0000000000C95000-memory.dmp	upx
behavioral1/memory/2080-16-0x0000000000C80000-0x0000000000C95000-memory.dmp	upx
behavioral1/memory/2080-20-0x0000000000C80000-0x0000000000C95000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe

Suspicious use of SetWindowsHookEx 33 IoCs

pid	Process
3016	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
1832	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
2892	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
1256	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
1368	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
2496	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
2404	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
1132	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
708	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
2160	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
1660	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
2384	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
2608	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
2660	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
1008	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
2380	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
2864	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
1300	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
1800	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
944	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
3148	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
3284	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
3412	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
3548	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
3680	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
3824	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
3952	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
4088	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
3368	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
3708	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
4052	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
3704	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
3692	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 2248	3016	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	30
PID 3016 wrote to memory of 2248	3016	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	30
PID 3016 wrote to memory of 2248	3016	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	30
PID 3016 wrote to memory of 2248	3016	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	30
PID 3016 wrote to memory of 2248	3016	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	30
PID 3016 wrote to memory of 2248	3016	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	30
PID 3016 wrote to memory of 2248	3016	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	30
PID 3016 wrote to memory of 2248	3016	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	30
PID 3016 wrote to memory of 2248	3016	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	30
PID 2248 wrote to memory of 2408	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	31
PID 2248 wrote to memory of 2408	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	31
PID 2248 wrote to memory of 2408	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	31
PID 2248 wrote to memory of 2408	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	31
PID 2248 wrote to memory of 2408	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	31
PID 2248 wrote to memory of 1724	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	32
PID 2248 wrote to memory of 1724	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	32
PID 2248 wrote to memory of 1724	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	32
PID 2248 wrote to memory of 1724	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	32
PID 2248 wrote to memory of 1724	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	32
PID 2248 wrote to memory of 1712	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	33
PID 2248 wrote to memory of 1712	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	33
PID 2248 wrote to memory of 1712	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	33
PID 2248 wrote to memory of 1712	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	33
PID 2248 wrote to memory of 1712	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	33
PID 2248 wrote to memory of 1864	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	34
PID 2248 wrote to memory of 1864	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	34
PID 2248 wrote to memory of 1864	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	34
PID 2248 wrote to memory of 1864	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	34
PID 2248 wrote to memory of 1864	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	34
PID 2248 wrote to memory of 1692	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	35
PID 2248 wrote to memory of 1692	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	35
PID 2248 wrote to memory of 1692	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	35
PID 2248 wrote to memory of 1692	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	35
PID 2248 wrote to memory of 1692	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	35
PID 2248 wrote to memory of 2792	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	36
PID 2248 wrote to memory of 2792	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	36
PID 2248 wrote to memory of 2792	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	36
PID 2248 wrote to memory of 2792	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	36
PID 2248 wrote to memory of 2792	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	36
PID 2248 wrote to memory of 2852	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	37
PID 2248 wrote to memory of 2852	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	37
PID 2248 wrote to memory of 2852	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	37
PID 2248 wrote to memory of 2852	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	37
PID 2248 wrote to memory of 2852	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	37
PID 2248 wrote to memory of 2284	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	38
PID 2248 wrote to memory of 2284	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	38
PID 2248 wrote to memory of 2284	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	38
PID 2248 wrote to memory of 2284	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	38
PID 2248 wrote to memory of 1832	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	39
PID 2248 wrote to memory of 1832	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	39
PID 2248 wrote to memory of 1832	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	39
PID 2248 wrote to memory of 1832	2248	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	39
PID 1832 wrote to memory of 2080	1832	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	40
PID 1832 wrote to memory of 2080	1832	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	40
PID 1832 wrote to memory of 2080	1832	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	40
PID 1832 wrote to memory of 2080	1832	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	40
PID 1832 wrote to memory of 2080	1832	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	40
PID 1832 wrote to memory of 2080	1832	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	40
PID 1832 wrote to memory of 2080	1832	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	40
PID 1832 wrote to memory of 2080	1832	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	40
PID 1832 wrote to memory of 2080	1832	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	40
PID 2080 wrote to memory of 2840	2080	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	41
PID 2080 wrote to memory of 2840	2080	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	41
PID 2080 wrote to memory of 2840	2080	JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe	41

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
  "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2248
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2408
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:1724
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:1712
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:1864
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:1692
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2792
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2852
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2284
- - C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
    3⤵
    - Suspicious use of SetThreadContext
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1832
  - - C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
      "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:2080
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2840
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2872
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2720
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2836
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2728
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2604
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2796
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        5⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2624
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2708
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1356
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2600
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2716
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2332
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2144
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2880
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        7⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:468
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:380
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:1740
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:304
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:584
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:3036
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:2928
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:3064
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        9⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:316
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2936
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:544
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1044
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:696
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1584
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:484
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1516
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        11⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:756
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:1448
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:2252
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:2104
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:2568
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:2124
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:2552
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:2268
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        13⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2352
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:1640
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:2140
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:2120
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:1848
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:3028
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:1016
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:2492
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        15⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2208
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:1100
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:2028
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:956
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:1620
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:1052
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:952
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:1980
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        17⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:1340
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:1736
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:2976
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:1764
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:1808
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:916
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:2488
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:1672
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        19⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:2512
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:2904
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:2128
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:2204
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:2364
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:1492
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:336
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:1896
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        21⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        22⤵
        System Location Discovery: System Language Discovery
        
        PID:1656
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:2292
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:1632
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:2300
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:1600
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:2256
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:1708
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:1608
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        23⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        24⤵
        System Location Discovery: System Language Discovery
        
        PID:2168
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:2440
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:2844
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:2748
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:2800
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:2832
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:2620
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:2436
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        25⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        26⤵
        System Location Discovery: System Language Discovery
        
        PID:2736
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:1212
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:2696
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:1488
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:1648
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:2664
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:2888
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:320
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        27⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        28⤵
        System Location Discovery: System Language Discovery
        
        PID:2612
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:2040
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:1548
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:1752
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:2228
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:1380
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:1284
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:996
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        29⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        30⤵
        System Location Discovery: System Language Discovery
        
        PID:1400
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:760
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:1536
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:296
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:1540
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:2224
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:1820
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:2164
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        31⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        32⤵
        System Location Discovery: System Language Discovery
        
        PID:2576
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:2520
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:764
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:1960
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:2368
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:2540
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:2744
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:1948
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        33⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        33⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        34⤵
        System Location Discovery: System Language Discovery
        
        PID:2812
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        35⤵
        
        PID:2584
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        35⤵
        
        PID:2912
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        35⤵
        
        PID:2616
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        35⤵
        
        PID:1160
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        35⤵
        
        PID:1684
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        35⤵
        
        PID:2356
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        35⤵
        
        PID:2264
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        35⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        35⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        36⤵
        System Location Discovery: System Language Discovery
        
        PID:1784
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        37⤵
        
        PID:704
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        37⤵
        
        PID:1732
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        37⤵
        
        PID:2260
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        37⤵
        
        PID:2532
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        37⤵
        
        PID:1252
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        37⤵
        
        PID:892
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        37⤵
        
        PID:2196
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        37⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        37⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        38⤵
        System Location Discovery: System Language Discovery
        
        PID:560
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        39⤵
        
        PID:2524
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        39⤵
        
        PID:496
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        39⤵
        
        PID:352
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        39⤵
        
        PID:1884
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        39⤵
        
        PID:2212
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        39⤵
        
        PID:1144
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        39⤵
        
        PID:2652
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        39⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        39⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        40⤵
        System Location Discovery: System Language Discovery
        
        PID:612
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        41⤵
        
        PID:1496
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        41⤵
        
        PID:3076
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        41⤵
        
        PID:3084
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        41⤵
        
        PID:3096
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        41⤵
        
        PID:3104
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        41⤵
        
        PID:3116
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        41⤵
        
        PID:3124
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        41⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        41⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        42⤵
        System Location Discovery: System Language Discovery
        
        PID:3164
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        43⤵
        
        PID:3196
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        43⤵
        
        PID:3212
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        43⤵
        
        PID:3220
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        43⤵
        
        PID:3232
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        43⤵
        
        PID:3240
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        43⤵
        
        PID:3252
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        43⤵
        
        PID:3260
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        43⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        43⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        44⤵
        System Location Discovery: System Language Discovery
        
        PID:3300
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        45⤵
        
        PID:3328
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        45⤵
        
        PID:3340
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        45⤵
        
        PID:3352
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        45⤵
        
        PID:3360
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        45⤵
        
        PID:3372
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        45⤵
        
        PID:3380
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        45⤵
        
        PID:3392
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        45⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        45⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        46⤵
        System Location Discovery: System Language Discovery
        
        PID:3428
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        47⤵
        
        PID:3460
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        47⤵
        
        PID:3476
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        47⤵
        
        PID:3488
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        47⤵
        
        PID:3496
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        47⤵
        
        PID:3508
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        47⤵
        
        PID:3516
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        47⤵
        
        PID:3528
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        47⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        47⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        48⤵
        System Location Discovery: System Language Discovery
        
        PID:3564
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        49⤵
        
        PID:3592
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        49⤵
        
        PID:3608
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        49⤵
        
        PID:3616
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        49⤵
        
        PID:3628
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        49⤵
        
        PID:3636
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        49⤵
        
        PID:3648
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        49⤵
        
        PID:3656
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        49⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        49⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        50⤵
        System Location Discovery: System Language Discovery
        
        PID:3696
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        51⤵
        
        PID:3728
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        51⤵
        
        PID:3744
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        51⤵
        
        PID:3752
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        51⤵
        
        PID:3764
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        51⤵
        
        PID:3776
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        51⤵
        
        PID:3788
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        51⤵
        
        PID:3800
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        51⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        51⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        52⤵
        System Location Discovery: System Language Discovery
        
        PID:3840
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        53⤵
        
        PID:3868
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        53⤵
        
        PID:3880
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        53⤵
        
        PID:3892
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        53⤵
        
        PID:3900
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        53⤵
        
        PID:3912
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        53⤵
        
        PID:3920
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        53⤵
        
        PID:3932
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        53⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        53⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        54⤵
        System Location Discovery: System Language Discovery
        
        PID:3968
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        55⤵
        
        PID:4000
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        55⤵
        
        PID:4016
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        55⤵
        
        PID:4024
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        55⤵
        
        PID:4036
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        55⤵
        
        PID:4044
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        55⤵
        
        PID:4056
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        55⤵
        
        PID:4064
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        55⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        55⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        56⤵
        System Location Discovery: System Language Discovery
        
        PID:3092
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        57⤵
        
        PID:3172
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        57⤵
        
        PID:3192
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        57⤵
        
        PID:3208
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        57⤵
        
        PID:3248
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        57⤵
        
        PID:2984
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        57⤵
        
        PID:3280
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        57⤵
        
        PID:3296
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        57⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        57⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        58⤵
        System Location Discovery: System Language Discovery
        
        PID:3336
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        59⤵
        
        PID:3468
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        59⤵
        
        PID:3472
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        59⤵
        
        PID:3556
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        59⤵
        
        PID:3572
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        59⤵
        
        PID:3524
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        59⤵
        
        PID:3604
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        59⤵
        
        PID:3600
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        59⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        59⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        60⤵
        System Location Discovery: System Language Discovery
        
        PID:3664
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        61⤵
        
        PID:3832
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        61⤵
        
        PID:3852
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        61⤵
        
        PID:3808
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        61⤵
        
        PID:3908
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        61⤵
        
        PID:3948
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        61⤵
        
        PID:3964
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        61⤵
        
        PID:3984
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        61⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        61⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        62⤵
        System Location Discovery: System Language Discovery
        
        PID:1344
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        63⤵
        
        PID:2220
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        63⤵
        
        PID:2432
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        63⤵
        
        PID:3180
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        63⤵
        
        PID:3320
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        63⤵
        
        PID:3424
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        63⤵
        
        PID:3452
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        63⤵
        
        PID:3312
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        63⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        63⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        64⤵
        System Location Discovery: System Language Discovery
        
        PID:3784
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        65⤵
        
        PID:3860
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        65⤵
        
        PID:4032
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        65⤵
        
        PID:4084
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        65⤵
        
        PID:3144
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        65⤵
        
        PID:1236
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        65⤵
        
        PID:1292
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        65⤵
        
        PID:2360
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        65⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        65⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8110306b61afb2a417be0444fa176a4b.exe"
        66⤵
        
        PID:3716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\q!ZQVAuQ.cfg

Filesize
1KB

MD5
5aa22129abd9e97c918ebb4f85c6fab9

SHA1
b44cfb4667662415bfbcc31e22ffb779d0c61114

SHA256
0bea9320f8e1453921201978668f0e9c9595d0d7dedb2239e9a721bd58e58215

SHA512
8d6316277bb30ba7c4744491d5152a5f5ba3686244ab5d3c4aee6552a025c5fa38fe7dcc23cc8245a8cadb16f4e7da73d2821ffcdcb81ef70775b4b55b9621ef

Download Submit
memory/2080-16-0x0000000000C80000-0x0000000000C95000-memory.dmp

Filesize
84KB

Download
memory/2080-20-0x0000000000C80000-0x0000000000C95000-memory.dmp

Filesize
84KB

Download
memory/2248-2-0x0000000000C80000-0x0000000000C95000-memory.dmp

Filesize
84KB

Download
memory/2248-5-0x0000000000C80000-0x0000000000C95000-memory.dmp

Filesize
84KB

Download
memory/2248-6-0x0000000000C80000-0x0000000000C95000-memory.dmp

Filesize
84KB

Download
memory/2248-4-0x0000000000C80000-0x0000000000C95000-memory.dmp

Filesize
84KB

Download
memory/2248-9-0x0000000000C80000-0x0000000000C95000-memory.dmp

Filesize
84KB

Download