xtremerat | 785edfc022cb05581d2302ec960bec111ff3e960c43d5afd8aff1e1046a0a9eb

Analysis

max time kernel
149s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
06-02-2025 01:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Size

20KB
MD5

a5c683232326b24e4aea46adbd959bf4
SHA1

31e4e011b79cf0d6784597e0acac79dc7dc843cd
SHA256

785edfc022cb05581d2302ec960bec111ff3e960c43d5afd8aff1e1046a0a9eb
SHA512

0da1698dc0740e890c68ce4d2e8c21a3f552c2753eacc95be03354ad9133b6db9f5102a50d54f1b4092a4aef2b92e5ffb650336549511eba37d82c492d1a1952
SSDEEP

384:sIdmF+Ti213fEF9QZd/cBr5lholKKNW9j8MKy6Kli+9+b9eeyZYtbWjOMLlCuU39:sIsF81fG9QveThAxN+l3wb0dZSoOkIuw

Score

10^/10

xtremerat discovery persistence rat spyware upx

Malware Config

Signatures

Detect XtremeRAT payload 31 IoCs

resource	yara_rule
behavioral2/memory/3956-4-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral2/memory/3820-9-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral2/memory/2768-14-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral2/memory/3844-19-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral2/memory/3540-23-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral2/memory/3460-28-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral2/memory/4868-33-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral2/memory/4768-38-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral2/memory/1220-43-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral2/memory/3028-48-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral2/memory/348-53-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral2/memory/3460-58-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral2/memory/4136-63-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral2/memory/1832-68-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral2/memory/1068-73-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral2/memory/4584-78-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral2/memory/2648-83-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral2/memory/464-88-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral2/memory/3872-93-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral2/memory/4584-98-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral2/memory/1384-102-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral2/memory/3680-104-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral2/memory/1384-109-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral2/memory/2016-114-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral2/memory/5140-119-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral2/memory/5344-124-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral2/memory/5544-128-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral2/memory/5700-133-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral2/memory/5852-138-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral2/memory/5132-143-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral2/memory/4292-148-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat

XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
persistence spyware rat xtremerat
Xtremerat family
xtremerat

Checks computer location settings 2 TTPs 30 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe

UPX packed file 32 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3956-0-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral2/memory/3956-4-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral2/memory/3820-9-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral2/memory/2768-14-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral2/memory/3844-19-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral2/memory/3540-23-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral2/memory/3460-28-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral2/memory/4868-33-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral2/memory/4768-38-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral2/memory/1220-43-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral2/memory/3028-48-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral2/memory/348-53-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral2/memory/3460-58-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral2/memory/4136-63-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral2/memory/1832-68-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral2/memory/1068-73-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral2/memory/4584-78-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral2/memory/2648-83-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral2/memory/464-88-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral2/memory/3872-93-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral2/memory/4584-98-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral2/memory/1384-102-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral2/memory/3680-104-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral2/memory/1384-109-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral2/memory/2016-114-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral2/memory/5140-119-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral2/memory/5344-124-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral2/memory/5544-128-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral2/memory/5700-133-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral2/memory/5852-138-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral2/memory/5132-143-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral2/memory/4292-148-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 31 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3956 wrote to memory of 3696	3956	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	85
PID 3956 wrote to memory of 3696	3956	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	85
PID 3956 wrote to memory of 3696	3956	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	85
PID 3956 wrote to memory of 1520	3956	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	89
PID 3956 wrote to memory of 1520	3956	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	89
PID 3956 wrote to memory of 1520	3956	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	89
PID 3956 wrote to memory of 4092	3956	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	90
PID 3956 wrote to memory of 4092	3956	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	90
PID 3956 wrote to memory of 4092	3956	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	90
PID 3956 wrote to memory of 4552	3956	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	94
PID 3956 wrote to memory of 4552	3956	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	94
PID 3956 wrote to memory of 4552	3956	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	94
PID 3956 wrote to memory of 5052	3956	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	96
PID 3956 wrote to memory of 5052	3956	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	96
PID 3956 wrote to memory of 5052	3956	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	96
PID 3956 wrote to memory of 872	3956	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	99
PID 3956 wrote to memory of 872	3956	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	99
PID 3956 wrote to memory of 872	3956	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	99
PID 3956 wrote to memory of 316	3956	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	100
PID 3956 wrote to memory of 316	3956	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	100
PID 3956 wrote to memory of 316	3956	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	100
PID 3956 wrote to memory of 1828	3956	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	101
PID 3956 wrote to memory of 1828	3956	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	101
PID 3956 wrote to memory of 3820	3956	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	102
PID 3956 wrote to memory of 3820	3956	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	102
PID 3956 wrote to memory of 3820	3956	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	102
PID 3820 wrote to memory of 3508	3820	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	103
PID 3820 wrote to memory of 3508	3820	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	103
PID 3820 wrote to memory of 3508	3820	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	103
PID 3820 wrote to memory of 3324	3820	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	105
PID 3820 wrote to memory of 3324	3820	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	105
PID 3820 wrote to memory of 3324	3820	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	105
PID 3820 wrote to memory of 4460	3820	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	106
PID 3820 wrote to memory of 4460	3820	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	106
PID 3820 wrote to memory of 4460	3820	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	106
PID 3820 wrote to memory of 3924	3820	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	107
PID 3820 wrote to memory of 3924	3820	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	107
PID 3820 wrote to memory of 3924	3820	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	107
PID 3820 wrote to memory of 3480	3820	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	108
PID 3820 wrote to memory of 3480	3820	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	108
PID 3820 wrote to memory of 3480	3820	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	108
PID 3820 wrote to memory of 3864	3820	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	109
PID 3820 wrote to memory of 3864	3820	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	109
PID 3820 wrote to memory of 3864	3820	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	109
PID 3820 wrote to memory of 940	3820	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	111
PID 3820 wrote to memory of 940	3820	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	111
PID 3820 wrote to memory of 940	3820	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	111
PID 3820 wrote to memory of 376	3820	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	112
PID 3820 wrote to memory of 376	3820	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	112
PID 3820 wrote to memory of 2768	3820	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	113
PID 3820 wrote to memory of 2768	3820	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	113
PID 3820 wrote to memory of 2768	3820	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	113
PID 2768 wrote to memory of 588	2768	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	114
PID 2768 wrote to memory of 588	2768	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	114
PID 2768 wrote to memory of 588	2768	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	114
PID 2768 wrote to memory of 2584	2768	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	115
PID 2768 wrote to memory of 2584	2768	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	115
PID 2768 wrote to memory of 2584	2768	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	115
PID 2768 wrote to memory of 1812	2768	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	116
PID 2768 wrote to memory of 1812	2768	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	116
PID 2768 wrote to memory of 1812	2768	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	116
PID 2768 wrote to memory of 2464	2768	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	118
PID 2768 wrote to memory of 2464	2768	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	118
PID 2768 wrote to memory of 2464	2768	JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe	118

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:1828
- C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
  "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:3508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:3324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:4460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:3924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:3480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:3864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:376
- - C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe"
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2768
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:588
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:2584
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:1812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:2464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:4776
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:1160
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:4312
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:3352
  - - C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
      "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      PID:3844
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:2300
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:2224
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:4924
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:2888
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:1144
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:4400
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:1304
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe"
        5⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:3540
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:2692
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:2776
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:432
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:2664
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:4056
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:1004
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:2852
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe"
        6⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:3460
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:748
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:4328
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:3468
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:3444
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:2612
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:3656
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:2444
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe"
        7⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:4868
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:3104
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:916
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:644
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:1584
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:3124
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:3412
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:244
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe"
        8⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:4768
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:4968
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:2724
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:1796
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:2556
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:4408
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:1700
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:2964
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe"
        9⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:1220
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:1852
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:1348
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:1548
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:1540
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:1672
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:3800
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:4368
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe"
        10⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:3028
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:4284
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:3208
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:1060
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:808
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:2268
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:4824
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:1588
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe"
        11⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:348
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:3492
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:4068
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:4360
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:64
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:5036
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:1640
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:4456
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe"
        12⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:3460
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:3824
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:4720
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:4652
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:920
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:1480
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:4296
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:3484
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe"
        13⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:4136
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:2228
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:4132
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:2972
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:2092
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:2056
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:1164
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:968
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe"
        14⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:1832
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:348
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:2764
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:1732
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:4336
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:224
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:5040
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:4272
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe"
        15⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:1068
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:3460
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:1380
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:3472
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:1256
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:1996
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:4564
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:4536
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe"
        16⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:4584
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:2176
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:860
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:1188
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:3552
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:3464
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:1252
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:2992
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe"
        17⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:2648
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:4576
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:876
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:3880
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:2768
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:4268
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:4376
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:2220
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe"
        18⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:464
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:688
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:4412
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:2148
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:3996
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:1212
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:4844
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:4500
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe"
        19⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:3872
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        20⤵
        
        PID:3380
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        20⤵
        
        PID:3780
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        20⤵
        
        PID:2876
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        20⤵
        
        PID:2304
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        20⤵
        
        PID:732
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        20⤵
        
        PID:8
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        20⤵
        
        PID:4868
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        20⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe"
        20⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:4584
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        21⤵
        
        PID:1572
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        21⤵
        
        PID:4820
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        21⤵
        
        PID:2580
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        21⤵
        
        PID:4668
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        21⤵
        
        PID:1232
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        21⤵
        
        PID:1464
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        21⤵
        
        PID:396
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        21⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe"
        21⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:3680
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        22⤵
        
        PID:5044
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        22⤵
        
        PID:3248
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        22⤵
        
        PID:2844
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        22⤵
        
        PID:3488
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        22⤵
        
        PID:3388
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        22⤵
        
        PID:3636
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        22⤵
        
        PID:2184
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        22⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe"
        22⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:1384
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        23⤵
        
        PID:1064
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        23⤵
        
        PID:1648
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        23⤵
        
        PID:5068
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        23⤵
        
        PID:2528
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        23⤵
        
        PID:2252
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        23⤵
        
        PID:1656
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        23⤵
        
        PID:3096
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        23⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe"
        23⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:2016
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        24⤵
        
        PID:4724
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        24⤵
        
        PID:2864
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        24⤵
        
        PID:464
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        24⤵
        
        PID:2012
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        24⤵
        
        PID:4748
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        24⤵
        
        PID:4448
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        24⤵
        
        PID:4304
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        24⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe"
        24⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:5140
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        25⤵
        
        PID:5184
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        25⤵
        
        PID:5200
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        25⤵
        
        PID:5212
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        25⤵
        
        PID:5232
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        25⤵
        
        PID:5244
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        25⤵
        
        PID:5252
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        25⤵
        
        PID:5308
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        25⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe"
        25⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:5344
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        26⤵
        
        PID:5388
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        26⤵
        
        PID:5396
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        26⤵
        
        PID:5408
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        26⤵
        
        PID:5440
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        26⤵
        
        PID:5460
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        26⤵
        
        PID:5468
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        26⤵
        
        PID:5484
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        26⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe"
        26⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:5544
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        27⤵
        
        PID:5596
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        27⤵
        
        PID:5604
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        27⤵
        
        PID:5616
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        27⤵
        
        PID:5624
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        27⤵
        
        PID:5636
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        27⤵
        
        PID:5644
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        27⤵
        
        PID:5656
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        27⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe"
        27⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:5700
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        28⤵
        
        PID:5740
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        28⤵
        
        PID:5748
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        28⤵
        
        PID:5760
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        28⤵
        
        PID:5772
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        28⤵
        
        PID:5784
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        28⤵
        
        PID:5796
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        28⤵
        
        PID:5808
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        28⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe"
        28⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:5852
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        29⤵
        
        PID:5896
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        29⤵
        
        PID:5904
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        29⤵
        
        PID:5916
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        29⤵
        
        PID:5924
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        29⤵
        
        PID:6088
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        29⤵
        
        PID:6116
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        29⤵
        
        PID:6128
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        29⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe"
        29⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:5132
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        30⤵
        
        PID:5240
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        30⤵
        
        PID:5260
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        30⤵
        
        PID:5164
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        30⤵
        
        PID:5160
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        30⤵
        
        PID:5332
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        30⤵
        
        PID:5140
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        30⤵
        
        PID:5380
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        30⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe"
        30⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:4292
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        31⤵
        
        PID:5476
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        31⤵
        
        PID:5508
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        31⤵
        
        PID:864
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        31⤵
        
        PID:4992
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        31⤵
        
        PID:3012
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        31⤵
        
        PID:632
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        31⤵
        
        PID:4904
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        31⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe
        
        "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a5c683232326b24e4aea46adbd959bf4.exe"
        31⤵
        System Location Discovery: System Language Discovery
        
        PID:5348
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        32⤵
        
        PID:5584
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        32⤵
        
        PID:980
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        32⤵
        
        PID:5524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

Filesize
1KB

MD5
39f574d9a074d3a4171a5c36bce429af

SHA1
236f1524cccb8430766635649ef872d15f80d9a9

SHA256
72c228ce7647997b97f66ff616e4f0f9de27d104fd412fb10ccd83482a84bdb4

SHA512
7c95353279115b7e83fb826dc2f2cbd8b2a360e48377da44ddf25dc8597b08233cd593c54ff407500cd4f944e4834186737cf6b2d1b119ca529467b16e47e65c

Download Submit
memory/348-53-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/464-88-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/1068-73-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/1220-43-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/1384-109-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/1384-102-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/1832-68-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/2016-114-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/2648-83-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/2768-14-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/3028-48-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/3460-58-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/3460-28-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/3540-23-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/3680-104-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/3820-9-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/3844-19-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/3872-93-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/3956-4-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/3956-0-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/4136-63-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/4292-148-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/4584-98-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/4584-78-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/4768-38-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/4868-33-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/5132-143-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/5140-119-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/5344-124-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/5544-128-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/5700-133-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/5852-138-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download