modiloader | fb4aef1c345a246ca40f7629e3a760a69e7a84161995286cda1fd26aa74c3ae9

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
28-06-2024 06:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Size

68KB
MD5

19224d8fe2957721118d14faef5096ce
SHA1

2438ee98bc8a07143c6e64c7a1bcb1386878baa3
SHA256

fb4aef1c345a246ca40f7629e3a760a69e7a84161995286cda1fd26aa74c3ae9
SHA512

867d2e0d94ab71c4d6eb2ec9df1c79ebbca8b6d3db8c0f58cf27bb1ea852c0caed39fe058f0ed194df41354177881ee2d8ae4d9c59b10c3afbcb17a3425833de
SSDEEP

1536:p4jqi5axwdaPpyNlDgS54QuZxDuKTVWCrx4LTT61B8:ujpaxGaPpyNV54DyiVd12

Score

10^/10

modiloader trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 10 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2244-4-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral1/memory/2092-13-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral1/memory/2644-22-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral1/memory/2524-28-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral1/memory/2296-34-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral1/memory/2688-40-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral1/memory/2588-46-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral1/memory/1280-52-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral1/memory/2176-58-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral1/memory/2716-64-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2

Suspicious use of SetThreadContext 64 IoCs

Processes:

19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

description	pid	process
Token: SeIncBasePriorityPrivilege	2824	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2972	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2772	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	3032	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2604	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2628	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2636	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2964	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	560	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1956	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	336	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1852	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1048	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1196	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2344	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2500	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2496	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	788	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1776	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1576	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2360	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1368	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1644	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	620	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2116	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2036	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2148	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1184	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2824	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2768	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2640	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2756	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2652	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2532	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2008	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2204	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1672	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2164	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1868	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1664	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1248	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2804	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2368	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2108	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2152	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1488	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1480	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	828	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2336	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1524	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2076	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	752	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	620	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	852	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2036	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2104	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1184	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2824	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2768	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2648	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2756	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2680	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2532	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2028	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2244

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2824

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
3⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2092

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
4⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2972

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
5⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2644

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
6⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2772

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
7⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2524

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
8⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3032

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
9⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2296

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
10⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2604

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
11⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2688

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
12⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2628

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
13⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2588

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
14⤵
- Suspicious use of AdjustPrivilegeToken
PID:2636

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
15⤵
- Suspicious use of SetThreadContext
PID:1280

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
16⤵
- Suspicious use of AdjustPrivilegeToken
PID:2964

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
17⤵
- Suspicious use of SetThreadContext
PID:2176

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
18⤵
- Suspicious use of AdjustPrivilegeToken
PID:560

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
19⤵
- Suspicious use of SetThreadContext
PID:2716

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
20⤵
- Suspicious use of AdjustPrivilegeToken
PID:1956

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
21⤵
- Suspicious use of SetThreadContext
PID:1228

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
22⤵
- Suspicious use of AdjustPrivilegeToken
PID:336

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
23⤵
- Suspicious use of SetThreadContext
PID:1988

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
24⤵
- Suspicious use of AdjustPrivilegeToken
PID:1852

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
25⤵
- Suspicious use of SetThreadContext
PID:2440

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
26⤵
- Suspicious use of AdjustPrivilegeToken
PID:1048

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
27⤵
- Suspicious use of SetThreadContext
PID:2480

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
28⤵
- Suspicious use of AdjustPrivilegeToken
PID:1196

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
29⤵
- Suspicious use of SetThreadContext
PID:2816

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
30⤵
- Suspicious use of AdjustPrivilegeToken
PID:2344

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
31⤵
- Suspicious use of SetThreadContext
PID:2612

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
32⤵
- Suspicious use of AdjustPrivilegeToken
PID:2500

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
33⤵
- Suspicious use of SetThreadContext
PID:2896

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
34⤵
- Suspicious use of AdjustPrivilegeToken
PID:2496

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
35⤵
- Suspicious use of SetThreadContext
PID:484

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
36⤵
- Suspicious use of AdjustPrivilegeToken
PID:788

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
37⤵
- Suspicious use of SetThreadContext
PID:1480

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
38⤵
- Suspicious use of AdjustPrivilegeToken
PID:1776

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
39⤵
- Suspicious use of SetThreadContext
PID:1812

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
40⤵
- Suspicious use of AdjustPrivilegeToken
PID:1576

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
41⤵
- Suspicious use of SetThreadContext
PID:2336

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
42⤵
- Suspicious use of AdjustPrivilegeToken
PID:2360

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
43⤵
- Suspicious use of SetThreadContext
PID:1524

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
44⤵
- Suspicious use of AdjustPrivilegeToken
PID:1368

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
45⤵
- Suspicious use of SetThreadContext
PID:1632

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
46⤵
- Suspicious use of AdjustPrivilegeToken
PID:1644

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
47⤵
- Suspicious use of SetThreadContext
PID:900

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
48⤵
- Suspicious use of AdjustPrivilegeToken
PID:620

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
49⤵
- Suspicious use of SetThreadContext
PID:2904

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
50⤵
- Suspicious use of AdjustPrivilegeToken
PID:2116

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
51⤵
- Suspicious use of SetThreadContext
PID:2980

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
52⤵
- Suspicious use of AdjustPrivilegeToken
PID:2036

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
53⤵
- Suspicious use of SetThreadContext
PID:876

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
54⤵
- Suspicious use of AdjustPrivilegeToken
PID:2148

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
55⤵
- Suspicious use of SetThreadContext
PID:2060

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
56⤵
- Suspicious use of AdjustPrivilegeToken
PID:1184

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
57⤵
- Suspicious use of SetThreadContext
PID:2836

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
58⤵
- Suspicious use of AdjustPrivilegeToken
PID:2824

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
59⤵
- Suspicious use of SetThreadContext
PID:1700

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
60⤵
- Suspicious use of AdjustPrivilegeToken
PID:2768

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
61⤵
- Suspicious use of SetThreadContext
PID:2764

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
62⤵
- Suspicious use of AdjustPrivilegeToken
PID:2640

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
63⤵
- Suspicious use of SetThreadContext
PID:2784

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
64⤵
- Suspicious use of AdjustPrivilegeToken
PID:2756

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
65⤵
- Suspicious use of SetThreadContext
PID:2544

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
66⤵
- Suspicious use of AdjustPrivilegeToken
PID:2652

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
67⤵
- Suspicious use of SetThreadContext
PID:2548

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
68⤵
- Suspicious use of AdjustPrivilegeToken
PID:2532

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
69⤵
- Suspicious use of SetThreadContext
PID:2136

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
70⤵
- Suspicious use of AdjustPrivilegeToken
PID:2008

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
71⤵
- Suspicious use of SetThreadContext
PID:2404

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
72⤵
- Suspicious use of AdjustPrivilegeToken
PID:2204

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
73⤵
- Suspicious use of SetThreadContext
PID:2176

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
74⤵
- Suspicious use of AdjustPrivilegeToken
PID:1672

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
75⤵
- Suspicious use of SetThreadContext
PID:2444

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
76⤵
- Suspicious use of AdjustPrivilegeToken
PID:2164

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
77⤵
- Suspicious use of SetThreadContext
PID:1224

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
78⤵
- Suspicious use of AdjustPrivilegeToken
PID:1868

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
79⤵
- Suspicious use of SetThreadContext
PID:1932

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
80⤵
- Suspicious use of AdjustPrivilegeToken
PID:1664

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
81⤵
- Suspicious use of SetThreadContext
PID:2440

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
82⤵
- Suspicious use of AdjustPrivilegeToken
PID:1248

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
83⤵
- Suspicious use of SetThreadContext
PID:1544

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
84⤵
- Suspicious use of AdjustPrivilegeToken
PID:2804

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
85⤵
- Suspicious use of SetThreadContext
PID:2816

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
86⤵
- Suspicious use of AdjustPrivilegeToken
PID:2368

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
87⤵
- Suspicious use of SetThreadContext
PID:1260

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
88⤵
- Suspicious use of AdjustPrivilegeToken
PID:2108

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
89⤵
- Suspicious use of SetThreadContext
PID:2896

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
90⤵
- Suspicious use of AdjustPrivilegeToken
PID:2152

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
91⤵
- Suspicious use of SetThreadContext
PID:1300

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
92⤵
- Suspicious use of AdjustPrivilegeToken
PID:1488

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
93⤵
- Suspicious use of SetThreadContext
PID:788

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
94⤵
- Suspicious use of AdjustPrivilegeToken
PID:1480

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
95⤵
- Suspicious use of SetThreadContext
PID:1776

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
96⤵
- Suspicious use of AdjustPrivilegeToken
PID:828

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
97⤵
- Suspicious use of SetThreadContext
PID:1576

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
98⤵
- Suspicious use of AdjustPrivilegeToken
PID:2336

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
99⤵
- Suspicious use of SetThreadContext
PID:2360

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
100⤵
- Suspicious use of AdjustPrivilegeToken
PID:1524

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
101⤵
- Suspicious use of SetThreadContext
PID:1996

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
102⤵
- Suspicious use of AdjustPrivilegeToken
PID:2076

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
103⤵
- Suspicious use of SetThreadContext
PID:656

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
104⤵
- Suspicious use of AdjustPrivilegeToken
PID:752

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
105⤵
- Suspicious use of SetThreadContext
PID:1316

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
106⤵
- Suspicious use of AdjustPrivilegeToken
PID:620

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
107⤵
- Suspicious use of SetThreadContext
PID:1512

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
108⤵
- Suspicious use of AdjustPrivilegeToken
PID:852

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
109⤵
- Suspicious use of SetThreadContext
PID:884

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
110⤵
- Suspicious use of AdjustPrivilegeToken
PID:2036

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
111⤵
- Suspicious use of SetThreadContext
PID:1720

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
112⤵
- Suspicious use of AdjustPrivilegeToken
PID:2104

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
113⤵
- Suspicious use of SetThreadContext
PID:1816

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
114⤵
- Suspicious use of AdjustPrivilegeToken
PID:1184

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
115⤵
- Suspicious use of SetThreadContext
PID:2700

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
116⤵
- Suspicious use of AdjustPrivilegeToken
PID:2824

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
117⤵
- Suspicious use of SetThreadContext
PID:2828

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
118⤵
- Suspicious use of AdjustPrivilegeToken
PID:2768

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
119⤵
- Suspicious use of SetThreadContext
PID:2868

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
120⤵
- Suspicious use of AdjustPrivilegeToken
PID:2648

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
121⤵
- Suspicious use of SetThreadContext
PID:2540

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
122⤵
- Suspicious use of AdjustPrivilegeToken
PID:2756

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
123⤵
- Suspicious use of SetThreadContext
PID:2516

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
124⤵
- Suspicious use of AdjustPrivilegeToken
PID:2680

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
125⤵
- Suspicious use of SetThreadContext
PID:2948

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
126⤵
- Suspicious use of AdjustPrivilegeToken
PID:2532

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
127⤵
- Suspicious use of SetThreadContext
PID:2224

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
128⤵
- Suspicious use of AdjustPrivilegeToken
PID:2028

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
129⤵
PID:2560

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
130⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
131⤵
PID:2724

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
132⤵
PID:560

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
133⤵
PID:352

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
134⤵
PID:1964

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
135⤵
PID:1664

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
136⤵
PID:2316

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
137⤵
PID:1532

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
138⤵
PID:1516

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
139⤵
PID:2556

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
140⤵
PID:2944

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
141⤵
PID:2172

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
142⤵
PID:2280

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
143⤵
PID:2896

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
144⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
145⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
146⤵
PID:1300

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
147⤵
PID:1104

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
148⤵
PID:788

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
149⤵
PID:3016

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
150⤵
PID:1652

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
151⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
152⤵
PID:828

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
153⤵
PID:1356

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
154⤵
PID:1548

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
155⤵
PID:2228

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
156⤵
PID:1368

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
157⤵
PID:1632

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
158⤵
PID:3004

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
159⤵
PID:996

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
160⤵
PID:952

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
161⤵
PID:2464

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
162⤵
PID:2116

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
163⤵
PID:2192

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
164⤵
PID:1760

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
165⤵
PID:1080

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
166⤵
PID:2148

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
167⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
168⤵
PID:1584

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
169⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
170⤵
PID:2700

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
171⤵
PID:2620

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
172⤵
PID:2660

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
173⤵
PID:2776

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
174⤵
PID:2868

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
175⤵
PID:2740

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
176⤵
PID:2984

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
177⤵
PID:2564

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
178⤵
PID:2516

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
179⤵
PID:2652

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
180⤵
PID:2948

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
181⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
182⤵
PID:2596

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
183⤵
PID:2028

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
184⤵
PID:2560

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
185⤵
PID:1676

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
186⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
187⤵
PID:560

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
188⤵
PID:352

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
189⤵
PID:1964

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
190⤵
PID:1664

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
191⤵
PID:760

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
192⤵
PID:1532

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
193⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
194⤵
PID:2556

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
195⤵
PID:2944

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
196⤵
PID:2172

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
197⤵
PID:2276

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
198⤵
PID:2896

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
199⤵
PID:1000

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
200⤵
PID:668

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
201⤵
PID:1300

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
202⤵
PID:1104

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
203⤵
PID:1480

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
204⤵
PID:444

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
205⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
206⤵
PID:984

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
207⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
208⤵
PID:1348

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
209⤵
PID:2228

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
210⤵
PID:880

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
211⤵
PID:328

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
212⤵
PID:684

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
213⤵
PID:2904

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
214⤵
PID:2052

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
215⤵
PID:1236

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
216⤵
PID:2976

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
217⤵
PID:2192

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
218⤵
PID:1944

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
219⤵
PID:1080

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
220⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
221⤵
PID:2092

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
222⤵
PID:2384

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
223⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
224⤵
PID:2856

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
225⤵
PID:2824

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
226⤵
PID:2672

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
227⤵
PID:2828

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
228⤵
PID:2784

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
229⤵
PID:2740

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
230⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
231⤵
PID:2984

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
232⤵
PID:2548

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
233⤵
PID:1808

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
234⤵
PID:2304

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
235⤵
PID:896

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
236⤵
PID:2224

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
237⤵
PID:2212

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
238⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
239⤵
PID:2504

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
240⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
241⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
242⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
243⤵
PID:1788

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
244⤵
PID:2184

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
245⤵
PID:2440

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
246⤵
PID:1248

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
247⤵
PID:1504

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
248⤵
PID:2804

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
249⤵
PID:1768

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
250⤵
PID:2364

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
251⤵
PID:2500

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
252⤵
PID:2280

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
253⤵
PID:1916

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
254⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
255⤵
PID:1476

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
256⤵
PID:580

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
257⤵
PID:2144

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
258⤵
PID:2880

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
259⤵
PID:1104

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
260⤵
PID:1480

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
261⤵
PID:444

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
262⤵
PID:820

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
263⤵
PID:828

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
264⤵
PID:1356

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
265⤵
PID:1344

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
266⤵
PID:1144

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
267⤵
PID:328

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
268⤵
PID:880

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
269⤵
PID:996

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
270⤵
PID:296

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
271⤵
PID:868

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
272⤵
PID:1236

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
273⤵
PID:2116

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
274⤵
PID:876

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
275⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
276⤵
PID:1080

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
277⤵
PID:2148

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
278⤵
PID:3024

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
279⤵
PID:2608

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
280⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
281⤵
PID:2972

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
282⤵
PID:2620

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
283⤵
PID:2672

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
284⤵
PID:2828

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
285⤵
PID:2676

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
286⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
287⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
288⤵
PID:2984

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
289⤵
PID:2848

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
290⤵
PID:1992

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
291⤵
PID:2304

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
292⤵
PID:896

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
293⤵
PID:2852

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
294⤵
PID:1684

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
295⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
296⤵
PID:2504

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
297⤵
PID:1668

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
298⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
299⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
300⤵
PID:1788

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
301⤵
PID:1660

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
302⤵
PID:2800

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
303⤵
PID:1432

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
304⤵
PID:1196

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
305⤵
PID:1260

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
306⤵
PID:2612

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
307⤵
PID:2884

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
308⤵
PID:2364

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
309⤵
PID:2108

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
310⤵
PID:644

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
311⤵
PID:320

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
312⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
313⤵
PID:1628

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
314⤵
PID:1040

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
315⤵
PID:2728

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
316⤵
PID:2880

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
317⤵
PID:1776

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
318⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
319⤵
PID:544

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
320⤵
PID:824

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
321⤵
PID:2124

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
322⤵
PID:1356

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
323⤵
PID:2076

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
324⤵
PID:1144

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
325⤵
PID:2864

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
326⤵
PID:880

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
327⤵
PID:620

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
328⤵
PID:296

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
329⤵
PID:1512

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
330⤵
PID:2980

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
331⤵
PID:1760

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
332⤵
PID:884

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
333⤵
PID:2120

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
334⤵
PID:1588

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
335⤵
PID:1816

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
336⤵
PID:2608

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
337⤵
PID:2232

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
338⤵
PID:2856

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
339⤵
PID:2824

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
340⤵
PID:2696

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
341⤵
PID:2640

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
342⤵
PID:2552

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
343⤵
PID:2604

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
344⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
345⤵
PID:2628

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
346⤵
PID:2548

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
347⤵
PID:1808

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
348⤵
PID:2304

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
349⤵
PID:2220

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
350⤵
PID:2224

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
351⤵
PID:2212

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
352⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
353⤵
PID:1608

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
354⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
355⤵
PID:1948

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
356⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
357⤵
PID:2480

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
358⤵
PID:2184

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
359⤵
PID:2800

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
360⤵
PID:1432

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
361⤵
PID:1196

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
362⤵
PID:2928

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
363⤵
PID:1768

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
364⤵
PID:2884

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
365⤵
PID:2364

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
366⤵
PID:1308

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
367⤵
PID:1916

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
368⤵
PID:668

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
369⤵
PID:580

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
370⤵
PID:940

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
371⤵
PID:2144

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
372⤵
PID:2728

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
373⤵
PID:2880

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
374⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
375⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
376⤵
PID:544

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
377⤵
PID:824

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
378⤵
PID:1344

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
379⤵
PID:1348

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
380⤵
PID:2076

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
381⤵
PID:1144

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
382⤵
PID:996

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
383⤵
PID:880

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
384⤵
PID:620

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
385⤵
PID:1512

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
386⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
387⤵
PID:2980

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
388⤵
PID:876

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
389⤵
PID:2060

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
390⤵
PID:1720

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
391⤵
PID:1252

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
392⤵
PID:2384

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
393⤵
PID:3048

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
394⤵
PID:872

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
395⤵
PID:2780

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
396⤵
PID:2064

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
397⤵
PID:2672

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
398⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
399⤵
PID:2684

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
400⤵
PID:2788

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
401⤵
PID:2296

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
402⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
403⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
404⤵
PID:2516

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
405⤵
PID:2948

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
406⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
407⤵
PID:1960

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
408⤵
PID:1336

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
409⤵
PID:2560

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
410⤵
PID:1676

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
411⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
412⤵
PID:560

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
413⤵
PID:2040

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
414⤵
PID:352

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
415⤵
PID:1664

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
416⤵
PID:760

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
417⤵
PID:1532

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
418⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
419⤵
PID:1196

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
420⤵
PID:2368

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
421⤵
PID:1768

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
422⤵
PID:2744

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
423⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
424⤵
PID:2476

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
425⤵
PID:2284

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
426⤵
PID:1300

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
427⤵
PID:1332

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
428⤵
PID:1172

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
429⤵
PID:2400

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
430⤵
PID:2216

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
431⤵
PID:1784

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
432⤵
PID:1484

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
433⤵
PID:604

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
434⤵
PID:1088

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
435⤵
PID:1312

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
436⤵
PID:688

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
437⤵
PID:292

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
438⤵
PID:2084

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
439⤵
PID:860

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
440⤵
PID:3060

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
441⤵
PID:2044

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
442⤵
PID:628

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
443⤵
PID:1236

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
444⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
445⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
446⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
447⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
448⤵
PID:1080

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
449⤵
PID:2196

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
450⤵
PID:2148

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
451⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
452⤵
PID:2832

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
453⤵
PID:2772

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
454⤵
PID:3032

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
455⤵
PID:2672

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1280-52-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/2092-13-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/2176-58-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/2244-4-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/2296-34-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/2524-28-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/2588-46-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/2644-22-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/2688-40-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/2716-64-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/2824-6-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2824-7-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2824-1-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2824-0-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2824-3-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2824-5-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2824-8-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2972-17-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/2972-16-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download

description	pid	process	target process
PID 2244 set thread context of 2824	2244	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2092 set thread context of 2972	2092	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2644 set thread context of 2772	2644	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2524 set thread context of 3032	2524	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2296 set thread context of 2604	2296	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2688 set thread context of 2628	2688	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2588 set thread context of 2636	2588	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1280 set thread context of 2964	1280	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2176 set thread context of 560	2176	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2716 set thread context of 1956	2716	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1228 set thread context of 336	1228	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1988 set thread context of 1852	1988	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2440 set thread context of 1048	2440	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2480 set thread context of 1196	2480	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2816 set thread context of 2344	2816	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2612 set thread context of 2500	2612	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2896 set thread context of 2496	2896	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 484 set thread context of 788	484	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1480 set thread context of 1776	1480	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1812 set thread context of 1576	1812	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2336 set thread context of 2360	2336	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1524 set thread context of 1368	1524	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1632 set thread context of 1644	1632	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 900 set thread context of 620	900	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2904 set thread context of 2116	2904	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2980 set thread context of 2036	2980	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 876 set thread context of 2148	876	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2060 set thread context of 1184	2060	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2836 set thread context of 2824	2836	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1700 set thread context of 2768	1700	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2764 set thread context of 2640	2764	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2784 set thread context of 2756	2784	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2544 set thread context of 2652	2544	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2548 set thread context of 2532	2548	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2136 set thread context of 2008	2136	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2404 set thread context of 2204	2404	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2176 set thread context of 1672	2176	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2444 set thread context of 2164	2444	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1224 set thread context of 1868	1224	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1932 set thread context of 1664	1932	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2440 set thread context of 1248	2440	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1544 set thread context of 2804	1544	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2816 set thread context of 2368	2816	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1260 set thread context of 2108	1260	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2896 set thread context of 2152	2896	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1300 set thread context of 1488	1300	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 788 set thread context of 1480	788	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1776 set thread context of 828	1776	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1576 set thread context of 2336	1576	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2360 set thread context of 1524	2360	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1996 set thread context of 2076	1996	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 656 set thread context of 752	656	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1316 set thread context of 620	1316	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1512 set thread context of 852	1512	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 884 set thread context of 2036	884	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1720 set thread context of 2104	1720	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1816 set thread context of 1184	1816	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2700 set thread context of 2824	2700	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2828 set thread context of 2768	2828	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2868 set thread context of 2648	2868	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2540 set thread context of 2756	2540	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2516 set thread context of 2680	2516	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2948 set thread context of 2532	2948	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2224 set thread context of 2028	2224	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe

description	pid	process	target process
PID 2244 wrote to memory of 2824	2244	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2244 wrote to memory of 2824	2244	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2244 wrote to memory of 2824	2244	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2244 wrote to memory of 2824	2244	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2244 wrote to memory of 2824	2244	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2244 wrote to memory of 2824	2244	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2824 wrote to memory of 2092	2824	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2824 wrote to memory of 2092	2824	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2824 wrote to memory of 2092	2824	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2824 wrote to memory of 2092	2824	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2092 wrote to memory of 2972	2092	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2092 wrote to memory of 2972	2092	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2092 wrote to memory of 2972	2092	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2092 wrote to memory of 2972	2092	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2092 wrote to memory of 2972	2092	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2092 wrote to memory of 2972	2092	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2972 wrote to memory of 2644	2972	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2972 wrote to memory of 2644	2972	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2972 wrote to memory of 2644	2972	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2972 wrote to memory of 2644	2972	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2644 wrote to memory of 2772	2644	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2644 wrote to memory of 2772	2644	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2644 wrote to memory of 2772	2644	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2644 wrote to memory of 2772	2644	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2644 wrote to memory of 2772	2644	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2644 wrote to memory of 2772	2644	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2772 wrote to memory of 2524	2772	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2772 wrote to memory of 2524	2772	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2772 wrote to memory of 2524	2772	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2772 wrote to memory of 2524	2772	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2524 wrote to memory of 3032	2524	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2524 wrote to memory of 3032	2524	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2524 wrote to memory of 3032	2524	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2524 wrote to memory of 3032	2524	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2524 wrote to memory of 3032	2524	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2524 wrote to memory of 3032	2524	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 3032 wrote to memory of 2296	3032	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 3032 wrote to memory of 2296	3032	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 3032 wrote to memory of 2296	3032	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 3032 wrote to memory of 2296	3032	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2296 wrote to memory of 2604	2296	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2296 wrote to memory of 2604	2296	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2296 wrote to memory of 2604	2296	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2296 wrote to memory of 2604	2296	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2296 wrote to memory of 2604	2296	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2296 wrote to memory of 2604	2296	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2604 wrote to memory of 2688	2604	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2604 wrote to memory of 2688	2604	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2604 wrote to memory of 2688	2604	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2604 wrote to memory of 2688	2604	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2688 wrote to memory of 2628	2688	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2688 wrote to memory of 2628	2688	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2688 wrote to memory of 2628	2688	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2688 wrote to memory of 2628	2688	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2688 wrote to memory of 2628	2688	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2688 wrote to memory of 2628	2688	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2628 wrote to memory of 2588	2628	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2628 wrote to memory of 2588	2628	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2628 wrote to memory of 2588	2628	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2628 wrote to memory of 2588	2628	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2588 wrote to memory of 2636	2588	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2588 wrote to memory of 2636	2588	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2588 wrote to memory of 2636	2588	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2588 wrote to memory of 2636	2588	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads