modiloader | fb4aef1c345a246ca40f7629e3a760a69e7a84161995286cda1fd26aa74c3ae9

Analysis

max time kernel
149s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 06:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Size

68KB
MD5

19224d8fe2957721118d14faef5096ce
SHA1

2438ee98bc8a07143c6e64c7a1bcb1386878baa3
SHA256

fb4aef1c345a246ca40f7629e3a760a69e7a84161995286cda1fd26aa74c3ae9
SHA512

867d2e0d94ab71c4d6eb2ec9df1c79ebbca8b6d3db8c0f58cf27bb1ea852c0caed39fe058f0ed194df41354177881ee2d8ae4d9c59b10c3afbcb17a3425833de
SSDEEP

1536:p4jqi5axwdaPpyNlDgS54QuZxDuKTVWCrx4LTT61B8:ujpaxGaPpyNV54DyiVd12

Score

10^/10

modiloader trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 20 IoCs

Processes:

resource	yara_rule
behavioral2/memory/940-3-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral2/memory/4944-9-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral2/memory/3028-15-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral2/memory/1408-19-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral2/memory/4164-22-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral2/memory/1012-25-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral2/memory/4216-28-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral2/memory/4176-31-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral2/memory/2928-34-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral2/memory/3312-37-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral2/memory/4500-40-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral2/memory/640-43-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral2/memory/3192-46-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral2/memory/3048-49-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral2/memory/4964-52-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral2/memory/2304-55-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral2/memory/4108-58-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral2/memory/1408-61-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral2/memory/5048-64-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2
behavioral2/memory/880-67-0x0000000010000000-0x0000000010017000-memory.dmp	modiloader_stage2

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe

Suspicious use of SetThreadContext 64 IoCs

Processes:

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

description	pid	process
Token: SeIncBasePriorityPrivilege	968	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	3144	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4152	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4020	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1192	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1544	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	3520	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	3248	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4116	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1848	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4384	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	396	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4236	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2872	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	3700	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2492	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4800	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	3416	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4768	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	3660	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2220	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4092	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4248	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1184	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2840	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1936	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	684	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2480	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2328	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1852	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4864	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1812	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1768	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2744	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	3132	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1012	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4024	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	412	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	3040	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4536	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1184	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	984	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4540	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2004	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	976	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4652	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1580	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1812	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	5000	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	3448	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1272	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	372	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1544	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2900	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2508	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	3108	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2320	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4360	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	3320	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4880	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4376	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1532	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	3892	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	3204	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:940

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:968

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
3⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4944

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
4⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3144

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
5⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3028

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
6⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4152

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
7⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1408

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
8⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4020

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
9⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4164

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
10⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1192

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
11⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1012

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
12⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1544

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
13⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4216

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
14⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3520

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
15⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4176

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
16⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3248

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
17⤵
- Suspicious use of SetThreadContext
PID:2928

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
18⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
PID:4116

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
19⤵
- Suspicious use of SetThreadContext
PID:3312

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
20⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
PID:1848

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
21⤵
- Suspicious use of SetThreadContext
PID:4500

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
22⤵
- Suspicious use of AdjustPrivilegeToken
PID:4384

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
23⤵
- Suspicious use of SetThreadContext
PID:640

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
24⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
PID:396

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
25⤵
- Suspicious use of SetThreadContext
PID:3192

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
26⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
PID:4236

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
27⤵
- Suspicious use of SetThreadContext
PID:3048

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
28⤵
- Suspicious use of AdjustPrivilegeToken
PID:2872

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
29⤵
- Suspicious use of SetThreadContext
PID:4964

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
30⤵
- Suspicious use of AdjustPrivilegeToken
PID:3700

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
31⤵
- Suspicious use of SetThreadContext
PID:2304

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
32⤵
- Suspicious use of AdjustPrivilegeToken
PID:2492

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
33⤵
- Suspicious use of SetThreadContext
PID:4108

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
34⤵
- Suspicious use of AdjustPrivilegeToken
PID:4800

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
35⤵
- Suspicious use of SetThreadContext
PID:1408

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
36⤵
- Suspicious use of AdjustPrivilegeToken
PID:3416

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
37⤵
- Suspicious use of SetThreadContext
PID:5048

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
38⤵
- Suspicious use of AdjustPrivilegeToken
PID:4768

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
39⤵
- Suspicious use of SetThreadContext
PID:880

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
40⤵
- Suspicious use of AdjustPrivilegeToken
PID:3660

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
41⤵
- Suspicious use of SetThreadContext
PID:1744

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
42⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
PID:2220

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
43⤵
- Suspicious use of SetThreadContext
PID:4472

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
44⤵
- Suspicious use of AdjustPrivilegeToken
PID:4092

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
45⤵
- Suspicious use of SetThreadContext
PID:3980

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
46⤵
- Suspicious use of AdjustPrivilegeToken
PID:4248

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
47⤵
- Suspicious use of SetThreadContext
PID:2928

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
48⤵
- Suspicious use of AdjustPrivilegeToken
PID:1184

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
49⤵
- Suspicious use of SetThreadContext
PID:2912

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
50⤵
- Suspicious use of AdjustPrivilegeToken
PID:2840

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
51⤵
- Suspicious use of SetThreadContext
PID:1940

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
52⤵
- Suspicious use of AdjustPrivilegeToken
PID:1936

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
53⤵
- Suspicious use of SetThreadContext
PID:4328

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
54⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
PID:684

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
55⤵
- Suspicious use of SetThreadContext
PID:2296

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
56⤵
- Suspicious use of AdjustPrivilegeToken
PID:2480

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
57⤵
- Suspicious use of SetThreadContext
PID:1384

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
58⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
PID:2328

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
59⤵
- Suspicious use of SetThreadContext
PID:2736

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
60⤵
- Suspicious use of AdjustPrivilegeToken
PID:1852

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
61⤵
- Suspicious use of SetThreadContext
PID:4480

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
62⤵
- Suspicious use of AdjustPrivilegeToken
PID:4864

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
63⤵
- Suspicious use of SetThreadContext
PID:1032

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
64⤵
- Suspicious use of AdjustPrivilegeToken
PID:1812

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
65⤵
- Suspicious use of SetThreadContext
PID:2444

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
66⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
PID:1768

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
67⤵
- Suspicious use of SetThreadContext
PID:4232

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
68⤵
- Suspicious use of AdjustPrivilegeToken
PID:2744

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
69⤵
- Suspicious use of SetThreadContext
PID:3480

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
70⤵
- Suspicious use of AdjustPrivilegeToken
PID:3132

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
71⤵
- Suspicious use of SetThreadContext
PID:5088

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
72⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
PID:1012

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
73⤵
- Suspicious use of SetThreadContext
PID:1788

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
74⤵
- Suspicious use of AdjustPrivilegeToken
PID:4024

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
75⤵
- Suspicious use of SetThreadContext
PID:1544

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
76⤵
- Suspicious use of AdjustPrivilegeToken
PID:412

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
77⤵
- Suspicious use of SetThreadContext
PID:2900

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
78⤵
- Suspicious use of AdjustPrivilegeToken
PID:3040

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
79⤵
- Suspicious use of SetThreadContext
PID:3980

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
80⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
PID:4536

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
81⤵
- Suspicious use of SetThreadContext
PID:5104

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
82⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
PID:1184

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
83⤵
- Suspicious use of SetThreadContext
PID:4324

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
84⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
PID:984

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
85⤵
- Suspicious use of SetThreadContext
PID:3168

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
86⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
PID:4540

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
87⤵
- Suspicious use of SetThreadContext
PID:4400

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
88⤵
- Suspicious use of AdjustPrivilegeToken
PID:2004

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
89⤵
- Suspicious use of SetThreadContext
PID:3656

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
90⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
PID:976

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
91⤵
- Suspicious use of SetThreadContext
PID:2872

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
92⤵
- Suspicious use of AdjustPrivilegeToken
PID:4652

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
93⤵
- Suspicious use of SetThreadContext
PID:2492

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
94⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
PID:1580

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
95⤵
- Suspicious use of SetThreadContext
PID:4152

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
96⤵
- Suspicious use of AdjustPrivilegeToken
PID:1812

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
97⤵
- Suspicious use of SetThreadContext
PID:1768

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
98⤵
- Suspicious use of AdjustPrivilegeToken
PID:5000

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
99⤵
- Suspicious use of SetThreadContext
PID:2744

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
100⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
PID:3448

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
101⤵
- Suspicious use of SetThreadContext
PID:5028

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
102⤵
- Suspicious use of AdjustPrivilegeToken
PID:1272

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
103⤵
- Suspicious use of SetThreadContext
PID:888

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
104⤵
- Suspicious use of AdjustPrivilegeToken
PID:372

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
105⤵
- Suspicious use of SetThreadContext
PID:1096

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
106⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
PID:1544

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
107⤵
- Suspicious use of SetThreadContext
PID:1864

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
108⤵
- Suspicious use of AdjustPrivilegeToken
PID:2900

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
109⤵
- Suspicious use of SetThreadContext
PID:3744

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
110⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
PID:2508

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
111⤵
- Suspicious use of SetThreadContext
PID:5052

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
112⤵
- Suspicious use of AdjustPrivilegeToken
PID:3108

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
113⤵
- Suspicious use of SetThreadContext
PID:2544

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
114⤵
- Suspicious use of AdjustPrivilegeToken
PID:2320

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
115⤵
- Suspicious use of SetThreadContext
PID:5044

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
116⤵
- Suspicious use of AdjustPrivilegeToken
PID:4360

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
117⤵
- Suspicious use of SetThreadContext
PID:4500

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
118⤵
- Suspicious use of AdjustPrivilegeToken
PID:3320

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
119⤵
- Suspicious use of SetThreadContext
PID:4932

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
120⤵
- Suspicious use of AdjustPrivilegeToken
PID:4880

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
121⤵
- Suspicious use of SetThreadContext
PID:2772

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
122⤵
- Suspicious use of AdjustPrivilegeToken
PID:4376

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
123⤵
- Suspicious use of SetThreadContext
PID:4996

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
124⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
PID:1532

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
125⤵
- Suspicious use of SetThreadContext
PID:1852

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
126⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
PID:3892

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
127⤵
- Suspicious use of SetThreadContext
PID:2760

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
128⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
PID:3204

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
129⤵
PID:1456

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
130⤵
- Checks computer location settings
PID:2892

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
131⤵
PID:4800

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
132⤵
PID:1580

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
133⤵
PID:2392

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
134⤵
PID:1960

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
135⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
136⤵
PID:1860

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
137⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
138⤵
PID:2936

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
139⤵
PID:1148

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
140⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
141⤵
PID:1276

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
142⤵
- Checks computer location settings
PID:1656

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
143⤵
PID:3016

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
144⤵
PID:2220

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
145⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
146⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
147⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
148⤵
PID:1784

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
149⤵
PID:1984

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
150⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
151⤵
PID:1196

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
152⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
153⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
154⤵
- Checks computer location settings
PID:1896

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
155⤵
PID:2564

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
156⤵
- Checks computer location settings
PID:812

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
157⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
158⤵
PID:512

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
159⤵
PID:448

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
160⤵
PID:2772

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
161⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
162⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
163⤵
PID:4592

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
164⤵
PID:744

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
165⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
166⤵
- Checks computer location settings
PID:1488

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
167⤵
PID:1884

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
168⤵
PID:2492

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
169⤵
PID:1192

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
170⤵
- Checks computer location settings
PID:4620

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
171⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
172⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
173⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
174⤵
PID:1480

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
175⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
176⤵
PID:1336

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
177⤵
PID:2268

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
178⤵
- Checks computer location settings
PID:3668

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
179⤵
PID:3040

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
180⤵
- Checks computer location settings
PID:4636

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
181⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
182⤵
- Checks computer location settings
PID:4420

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
183⤵
PID:1936

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
184⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
185⤵
PID:1064

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
186⤵
- Checks computer location settings
PID:1184

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
187⤵
PID:4820

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
188⤵
- Checks computer location settings
PID:2840

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
189⤵
PID:684

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
190⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
191⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
192⤵
- Checks computer location settings
PID:4932

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
193⤵
PID:2172

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
194⤵
PID:2696

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
195⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
196⤵
- Checks computer location settings
PID:3492

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
197⤵
PID:2700

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
198⤵
- Checks computer location settings
PID:1868

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
199⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
200⤵
- Checks computer location settings
PID:1888

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
201⤵
PID:3048

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
202⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
203⤵
PID:1036

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
204⤵
- Checks computer location settings
PID:2372

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
205⤵
PID:452

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
206⤵
PID:4152

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
207⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
208⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
209⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
210⤵
PID:1812

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
211⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
212⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
213⤵
PID:1268

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
214⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
215⤵
PID:1952

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
216⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
217⤵
PID:1656

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
218⤵
- Checks computer location settings
PID:3556

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
219⤵
PID:412

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
220⤵
PID:1700

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
221⤵
PID:848

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
222⤵
- Checks computer location settings
PID:4576

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
223⤵
PID:2508

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
224⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
225⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
226⤵
- Checks computer location settings
PID:3248

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
227⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
228⤵
PID:1880

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
229⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
230⤵
PID:1524

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
231⤵
PID:1464

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
232⤵
PID:812

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
233⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
234⤵
PID:984

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
235⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
236⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
237⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
238⤵
- Checks computer location settings
PID:2184

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
239⤵
PID:1392

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
240⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
241⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
242⤵
PID:1532

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
243⤵
PID:2736

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
244⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
245⤵
PID:2760

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
246⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
247⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
248⤵
PID:1884

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
249⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
250⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
251⤵
PID:1588

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
252⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
253⤵
PID:1860

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
254⤵
- Checks computer location settings
PID:3912

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
255⤵
PID:2568

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
256⤵
PID:1148

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
257⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
258⤵
PID:1700

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
259⤵
PID:2320

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
260⤵
- Checks computer location settings
PID:3196

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
261⤵
PID:696

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
262⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
263⤵
PID:2388

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
264⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
265⤵
PID:1092

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
266⤵
- Checks computer location settings
PID:4984

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
267⤵
PID:2696

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
268⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
269⤵
PID:556

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
270⤵
PID:2284

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
271⤵
PID:1384

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
272⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
273⤵
PID:2328

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
274⤵
- Checks computer location settings
PID:3176

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
275⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
276⤵
- Checks computer location settings
PID:3592

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
277⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
278⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
279⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
280⤵
PID:2892

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
281⤵
PID:1960

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
282⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
283⤵
PID:2992

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
284⤵
PID:1588

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
285⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
286⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
287⤵
PID:1772

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
288⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
289⤵
PID:1560

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
290⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
291⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
292⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
293⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
294⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
295⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
296⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
297⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
298⤵
PID:2296

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
299⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
300⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
301⤵
PID:1784

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
302⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
303⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
304⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
305⤵
PID:1876

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
306⤵
- Checks computer location settings
PID:4044

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
307⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
308⤵
PID:440

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
309⤵
PID:752

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
310⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
311⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
312⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
313⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
314⤵
- Checks computer location settings
PID:556

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
315⤵
PID:528

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
316⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
317⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
318⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
319⤵
PID:968

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
320⤵
- Checks computer location settings
PID:4396

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
321⤵
PID:2240

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
322⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
323⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
324⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
325⤵
PID:1288

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
326⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
327⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
328⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
329⤵
PID:2812

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
330⤵
PID:468

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
331⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
332⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
333⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
334⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
335⤵
PID:1600

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
336⤵
- Checks computer location settings
PID:1936

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
337⤵
PID:332

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
338⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
339⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
340⤵
PID:1480

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
341⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
342⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
343⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
344⤵
PID:3004

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
345⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
346⤵
PID:1784

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
347⤵
PID:464

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
348⤵
- Checks computer location settings
PID:4568

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
349⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
350⤵
- Checks computer location settings
PID:4540

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
351⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
352⤵
- Checks computer location settings
PID:2524

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
353⤵
PID:448

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
354⤵
- Checks computer location settings
PID:752

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
355⤵
PID:1888

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
356⤵
- Checks computer location settings
PID:3368

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
357⤵
PID:744

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
358⤵
- Checks computer location settings
PID:904

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
359⤵
PID:2760

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
360⤵
- Checks computer location settings
PID:1488

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
361⤵
PID:1456

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
362⤵
- Checks computer location settings
PID:1204

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
363⤵
PID:1884

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
364⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
365⤵
PID:924

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
366⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
367⤵
PID:3060

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
368⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
369⤵
PID:3044

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
370⤵
PID:1812

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
371⤵
PID:1448

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
372⤵
PID:888

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
373⤵
PID:632

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
374⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
375⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
376⤵
PID:2912

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
377⤵
PID:1920

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
378⤵
PID:1096

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
379⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
380⤵
- Checks computer location settings
PID:2732

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
381⤵
PID:2840

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
382⤵
- Checks computer location settings
PID:696

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
383⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
384⤵
- Checks computer location settings
PID:4324

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
385⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
386⤵
- Checks computer location settings
PID:3980

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
387⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
388⤵
PID:464

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
389⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
390⤵
- Checks computer location settings
PID:4932

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
391⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
392⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
393⤵
PID:2472

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
394⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
395⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
396⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
397⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
398⤵
- Checks computer location settings
PID:4340

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
399⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
400⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
401⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
402⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe" -s
403⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
404⤵
PID:4456

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

memory/640-43-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/880-67-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/940-3-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/968-0-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/968-2-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/968-1-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/968-4-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/968-6-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/1012-25-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/1408-61-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/1408-19-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/2304-55-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/2928-34-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/3028-15-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/3048-49-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/3144-11-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/3144-10-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/3192-46-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/3312-37-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/4108-58-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/4152-17-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/4152-16-0x0000000030000000-0x0000000030012000-memory.dmp

Filesize
72KB

Download
memory/4164-22-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/4176-31-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/4216-28-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/4500-40-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/4944-9-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/4964-52-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/5048-64-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download

description	pid	process	target process
PID 940 set thread context of 968	940	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4944 set thread context of 3144	4944	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 3028 set thread context of 4152	3028	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1408 set thread context of 4020	1408	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4164 set thread context of 1192	4164	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1012 set thread context of 1544	1012	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4216 set thread context of 3520	4216	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4176 set thread context of 3248	4176	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2928 set thread context of 4116	2928	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 3312 set thread context of 1848	3312	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4500 set thread context of 4384	4500	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 640 set thread context of 396	640	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 3192 set thread context of 4236	3192	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 3048 set thread context of 2872	3048	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4964 set thread context of 3700	4964	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2304 set thread context of 2492	2304	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4108 set thread context of 4800	4108	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1408 set thread context of 3416	1408	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 5048 set thread context of 4768	5048	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 880 set thread context of 3660	880	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1744 set thread context of 2220	1744	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4472 set thread context of 4092	4472	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 3980 set thread context of 4248	3980	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2928 set thread context of 1184	2928	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2912 set thread context of 2840	2912	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1940 set thread context of 1936	1940	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4328 set thread context of 684	4328	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2296 set thread context of 2480	2296	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1384 set thread context of 2328	1384	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2736 set thread context of 1852	2736	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4480 set thread context of 4864	4480	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1032 set thread context of 1812	1032	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2444 set thread context of 1768	2444	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4232 set thread context of 2744	4232	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 3480 set thread context of 3132	3480	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 5088 set thread context of 1012	5088	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1788 set thread context of 4024	1788	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1544 set thread context of 412	1544	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2900 set thread context of 3040	2900	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 3980 set thread context of 4536	3980	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 5104 set thread context of 1184	5104	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4324 set thread context of 984	4324	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 3168 set thread context of 4540	3168	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4400 set thread context of 2004	4400	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 3656 set thread context of 976	3656	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2872 set thread context of 4652	2872	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2492 set thread context of 1580	2492	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4152 set thread context of 1812	4152	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1768 set thread context of 5000	1768	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2744 set thread context of 3448	2744	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 5028 set thread context of 1272	5028	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 888 set thread context of 372	888	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1096 set thread context of 1544	1096	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1864 set thread context of 2900	1864	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 3744 set thread context of 2508	3744	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 5052 set thread context of 3108	5052	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2544 set thread context of 2320	2544	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 5044 set thread context of 4360	5044	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4500 set thread context of 3320	4500	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4932 set thread context of 4880	4932	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2772 set thread context of 4376	2772	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4996 set thread context of 1532	4996	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1852 set thread context of 3892	1852	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 2760 set thread context of 3204	2760	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe

description	pid	process	target process
PID 940 wrote to memory of 968	940	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 940 wrote to memory of 968	940	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 940 wrote to memory of 968	940	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 940 wrote to memory of 968	940	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 940 wrote to memory of 968	940	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 968 wrote to memory of 4944	968	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 968 wrote to memory of 4944	968	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 968 wrote to memory of 4944	968	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4944 wrote to memory of 3144	4944	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4944 wrote to memory of 3144	4944	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4944 wrote to memory of 3144	4944	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4944 wrote to memory of 3144	4944	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4944 wrote to memory of 3144	4944	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 3144 wrote to memory of 3028	3144	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 3144 wrote to memory of 3028	3144	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 3144 wrote to memory of 3028	3144	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 3028 wrote to memory of 4152	3028	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 3028 wrote to memory of 4152	3028	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 3028 wrote to memory of 4152	3028	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 3028 wrote to memory of 4152	3028	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 3028 wrote to memory of 4152	3028	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4152 wrote to memory of 1408	4152	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4152 wrote to memory of 1408	4152	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4152 wrote to memory of 1408	4152	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1408 wrote to memory of 4020	1408	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1408 wrote to memory of 4020	1408	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1408 wrote to memory of 4020	1408	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1408 wrote to memory of 4020	1408	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1408 wrote to memory of 4020	1408	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4020 wrote to memory of 4164	4020	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4020 wrote to memory of 4164	4020	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4020 wrote to memory of 4164	4020	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4164 wrote to memory of 1192	4164	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4164 wrote to memory of 1192	4164	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4164 wrote to memory of 1192	4164	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4164 wrote to memory of 1192	4164	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4164 wrote to memory of 1192	4164	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1192 wrote to memory of 1012	1192	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1192 wrote to memory of 1012	1192	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1192 wrote to memory of 1012	1192	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1012 wrote to memory of 1544	1012	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1012 wrote to memory of 1544	1012	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1012 wrote to memory of 1544	1012	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1012 wrote to memory of 1544	1012	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1012 wrote to memory of 1544	1012	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1544 wrote to memory of 4216	1544	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1544 wrote to memory of 4216	1544	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 1544 wrote to memory of 4216	1544	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4216 wrote to memory of 3520	4216	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4216 wrote to memory of 3520	4216	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4216 wrote to memory of 3520	4216	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4216 wrote to memory of 3520	4216	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4216 wrote to memory of 3520	4216	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 3520 wrote to memory of 4176	3520	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 3520 wrote to memory of 4176	3520	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 3520 wrote to memory of 4176	3520	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4176 wrote to memory of 3248	4176	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4176 wrote to memory of 3248	4176	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4176 wrote to memory of 3248	4176	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4176 wrote to memory of 3248	4176	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 4176 wrote to memory of 3248	4176	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 3248 wrote to memory of 2928	3248	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 3248 wrote to memory of 2928	3248	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe
PID 3248 wrote to memory of 2928	3248	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe	19224d8fe2957721118d14faef5096ce_JaffaCakes118.exe