d3ddc87ccc3100747dfa75865c49616449f752952d42bf68f4304cbe04fa2cfe

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
04/05/2024, 18:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
Size

656KB
MD5

15b1653d23b12bf5fa5e15683764c9d1
SHA1

c55aa5701c0d5ff1fdb43d38c528ad42ff51d58f
SHA256

d3ddc87ccc3100747dfa75865c49616449f752952d42bf68f4304cbe04fa2cfe
SHA512

2fb8f109a9ec843743fc1102b9385a1d44c2c7a350a5bc8f3da559ff2589473a1f686da54c45e69c48fba40623a05a41e47d96e1172fe6fbfe7352ad425db2dc
SSDEEP

12288:tEQoS9qhb5pbXLkrk9FE9IQCzna/GoqiaaWjb3o8pa/WTg/kzrmpF:t2bDXfjE9TCza+oUPn31paNczr+F

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2972-0-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/files/0x0007000000015f3c-5.dat	upx
behavioral1/memory/2460-55-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2460-89-0x0000000004CD0000-0x0000000004CED000-memory.dmp	upx
behavioral1/memory/2828-90-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2916-92-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2292-95-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2972-98-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2580-101-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2460-100-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2680-102-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1704-105-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2828-104-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1472-103-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2916-106-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2072-109-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1948-108-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2024-111-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2292-110-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2492-115-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1644-116-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/288-114-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2972-113-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1616-119-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2796-118-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3056-124-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2960-123-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1472-125-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2680-121-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2580-120-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3012-127-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1704-126-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1784-131-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2176-135-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1028-137-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1616-139-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2796-138-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2492-136-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1604-134-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2084-133-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2024-132-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1072-130-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2032-129-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2072-128-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3056-146-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2960-145-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1900-144-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1880-142-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3012-148-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/896-147-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1784-151-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1072-150-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1604-152-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2488-154-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2176-153-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2824-155-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1028-156-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2940-158-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2284-160-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1880-159-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2552-162-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2596-163-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2412-164-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2980-165-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File opened (read-only)	\??\K:	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File opened (read-only)	\??\M:	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File opened (read-only)	\??\P:	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File opened (read-only)	\??\X:	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File opened (read-only)	\??\Z:	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File opened (read-only)	\??\B:	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File opened (read-only)	\??\E:	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File opened (read-only)	\??\L:	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File opened (read-only)	\??\T:	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File opened (read-only)	\??\I:	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File opened (read-only)	\??\O:	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File opened (read-only)	\??\R:	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File opened (read-only)	\??\S:	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File opened (read-only)	\??\Q:	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File opened (read-only)	\??\U:	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File opened (read-only)	\??\V:	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File opened (read-only)	\??\W:	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File opened (read-only)	\??\A:	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File opened (read-only)	\??\G:	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File opened (read-only)	\??\H:	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File opened (read-only)	\??\N:	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File opened (read-only)	\??\Y:	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\japanese animal bukkake lesbian glans upskirt .rar.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\shared\italian nude bukkake [free] traffic .mpeg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\FxsTmp\lingerie hidden glans sm .mpg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\shared\hardcore full movie titts beautyfull .mpeg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\blowjob public titts traffic (Sarah).mpg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\Temp\japanese beastiality trambling big shoes .avi.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\FxsTmp\italian nude lingerie hidden (Jade).mpeg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\tyrkish animal blowjob full movie shower .avi.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\tyrkish fetish beast licking .mpg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\lingerie girls (Tatjana).avi.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Temp\blowjob girls YEâPSè& .zip.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Update\Download\russian cumshot sperm several models (Sylvia).mpg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\italian beastiality trambling licking .mpeg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\japanese porn fucking [milf] cock ejaculation (Samantha).rar.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Program Files\Windows Journal\Templates\trambling masturbation young .zip.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\hardcore masturbation .rar.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\gay licking hole hotel .rar.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\black animal sperm licking penetration .mpeg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\russian nude gay hidden glans .mpeg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\american cumshot lesbian sleeping high heels .rar.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\brasilian animal xxx uncut shoes .mpg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\russian horse gay girls cock gorgeoushorny (Tatjana).mpg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\american porn bukkake full movie feet leather .zip.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\american fetish hardcore [milf] hole .mpeg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\beast sleeping sm .mpeg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\swedish cum beast uncut titts mature .mpg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\brasilian horse fucking voyeur titts gorgeoushorny (Samantha).mpg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\malaysia trambling big feet 50+ (Samantha).mpg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\french sperm hot (!) mistress .mpg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\asian blowjob [free] feet hairy .rar.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\xxx [free] feet .mpeg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\horse xxx voyeur .zip.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\indian nude lingerie hidden feet sweet .mpeg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\canadian beast [bangbus] .mpeg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\black gang bang trambling big titts latex .mpeg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lingerie voyeur bedroom .rar.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\tyrkish nude lingerie girls hairy .zip.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\horse fucking catfight cock (Anniston,Melissa).zip.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\porn xxx hidden (Samantha).mpg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\nude horse catfight (Janette).mpg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\italian handjob beast public cock boots .avi.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\british horse sleeping lady (Jenna,Janette).rar.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\asian trambling uncut (Sylvia).zip.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\african beast masturbation cock (Christine,Melissa).zip.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\african fucking sleeping titts bondage .mpeg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\fetish lingerie hidden femdom (Jenna,Tatjana).avi.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\Temp\black action horse licking titts .rar.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\spanish lingerie [milf] shower (Jenna,Jade).zip.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\malaysia fucking catfight boots (Sonja,Tatjana).mpeg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\french gay several models .mpeg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\asian blowjob sleeping titts .mpg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\danish cumshot bukkake catfight titts ìï (Melissa).avi.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\danish gang bang lingerie masturbation hole leather (Melissa).avi.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\italian beastiality fucking masturbation hole .rar.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\swedish animal blowjob public feet (Ashley,Karin).zip.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\japanese porn gay catfight lady .mpg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\horse sleeping (Sarah).mpeg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\assembly\tmp\indian handjob sperm big (Jade).avi.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\SoftwareDistribution\Download\trambling masturbation blondie (Sonja,Janette).mpg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\kicking xxx public (Curtney).avi.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\indian animal xxx several models lady .rar.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\british blowjob girls cock (Sandy,Samantha).avi.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\canadian beast big glans .zip.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\norwegian fucking hidden glans penetration .mpeg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\african xxx lesbian hairy .rar.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\norwegian lesbian hidden feet black hairunshaved .avi.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\danish fetish blowjob public hole balls (Melissa).rar.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\german trambling full movie (Melissa).mpeg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\spanish blowjob [bangbus] feet femdom (Curtney).mpg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\french lesbian voyeur lady .rar.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\kicking horse licking hole latex .zip.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\danish animal blowjob hidden balls .mpeg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\black cum gay full movie (Tatjana).rar.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\british lesbian sleeping .rar.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\malaysia beast masturbation cock .rar.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\chinese xxx girls (Sarah).mpg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\security\templates\indian nude blowjob voyeur glans .avi.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian handjob fucking girls .mpeg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\PLA\Templates\blowjob several models pregnant .avi.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\gang bang beast girls latex (Gina,Karin).zip.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\hardcore big .avi.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\animal hardcore full movie glans .avi.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\brasilian cumshot hardcore catfight hole beautyfull .mpg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\black beastiality gay [milf] circumcision .rar.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\InstallTemp\indian beastiality bukkake several models (Curtney).zip.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\danish beastiality xxx uncut YEâPSè& .mpg.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\french lingerie girls lady (Sandy,Jade).avi.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\tyrkish animal gay masturbation hole .zip.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\chinese lingerie catfight hole (Sonja,Jade).avi.exe	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2972	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2460	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2972	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2828	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2916	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2460	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2972	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
1948	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2292	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
288	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2828	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
1644	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2916	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2460	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2972	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2580	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2680	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
1472	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
1948	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2828	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
1704	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2292	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2072	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2024	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
288	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2972	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2032	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2084	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
1644	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2916	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2460	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2492	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2796	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
1616	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2960	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
1472	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2580	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
3056	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
1900	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2680	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
1948	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
3012	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2828	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
896	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
1704	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
288	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2292	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
1784	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2176	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2488	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
1072	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2972	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
1604	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2916	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2940	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2024	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
1028	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2024	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
1028	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2072	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2072	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2824	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
2824	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
1644	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 2460	2972	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	28
PID 2972 wrote to memory of 2460	2972	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	28
PID 2972 wrote to memory of 2460	2972	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	28
PID 2972 wrote to memory of 2460	2972	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	28
PID 2460 wrote to memory of 2828	2460	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	29
PID 2460 wrote to memory of 2828	2460	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	29
PID 2460 wrote to memory of 2828	2460	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	29
PID 2460 wrote to memory of 2828	2460	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	29
PID 2972 wrote to memory of 2916	2972	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	30
PID 2972 wrote to memory of 2916	2972	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	30
PID 2972 wrote to memory of 2916	2972	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	30
PID 2972 wrote to memory of 2916	2972	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	30
PID 2828 wrote to memory of 1948	2828	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	31
PID 2828 wrote to memory of 1948	2828	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	31
PID 2828 wrote to memory of 1948	2828	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	31
PID 2828 wrote to memory of 1948	2828	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	31
PID 2916 wrote to memory of 2292	2916	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	32
PID 2916 wrote to memory of 2292	2916	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	32
PID 2916 wrote to memory of 2292	2916	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	32
PID 2916 wrote to memory of 2292	2916	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	32
PID 2460 wrote to memory of 288	2460	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	33
PID 2460 wrote to memory of 288	2460	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	33
PID 2460 wrote to memory of 288	2460	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	33
PID 2460 wrote to memory of 288	2460	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	33
PID 2972 wrote to memory of 1644	2972	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	34
PID 2972 wrote to memory of 1644	2972	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	34
PID 2972 wrote to memory of 1644	2972	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	34
PID 2972 wrote to memory of 1644	2972	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	34
PID 1948 wrote to memory of 2580	1948	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	35
PID 1948 wrote to memory of 2580	1948	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	35
PID 1948 wrote to memory of 2580	1948	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	35
PID 1948 wrote to memory of 2580	1948	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	35
PID 2292 wrote to memory of 2680	2292	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	36
PID 2292 wrote to memory of 2680	2292	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	36
PID 2292 wrote to memory of 2680	2292	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	36
PID 2292 wrote to memory of 2680	2292	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	36
PID 2828 wrote to memory of 1472	2828	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	37
PID 2828 wrote to memory of 1472	2828	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	37
PID 2828 wrote to memory of 1472	2828	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	37
PID 2828 wrote to memory of 1472	2828	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	37
PID 288 wrote to memory of 1704	288	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	38
PID 288 wrote to memory of 1704	288	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	38
PID 288 wrote to memory of 1704	288	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	38
PID 288 wrote to memory of 1704	288	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	38
PID 1644 wrote to memory of 2072	1644	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	39
PID 1644 wrote to memory of 2072	1644	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	39
PID 1644 wrote to memory of 2072	1644	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	39
PID 1644 wrote to memory of 2072	1644	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	39
PID 2916 wrote to memory of 2032	2916	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	40
PID 2916 wrote to memory of 2032	2916	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	40
PID 2916 wrote to memory of 2032	2916	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	40
PID 2916 wrote to memory of 2032	2916	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	40
PID 2972 wrote to memory of 2024	2972	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	41
PID 2972 wrote to memory of 2024	2972	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	41
PID 2972 wrote to memory of 2024	2972	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	41
PID 2972 wrote to memory of 2024	2972	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	41
PID 2460 wrote to memory of 2084	2460	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	42
PID 2460 wrote to memory of 2084	2460	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	42
PID 2460 wrote to memory of 2084	2460	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	42
PID 2460 wrote to memory of 2084	2460	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	42
PID 2680 wrote to memory of 2492	2680	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	43
PID 2680 wrote to memory of 2492	2680	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	43
PID 2680 wrote to memory of 2492	2680	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	43
PID 2680 wrote to memory of 2492	2680	15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe	43

C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2460
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        9⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        10⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        10⤵
        
        PID:17964
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        10⤵
        
        PID:26724
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        9⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        10⤵
        
        PID:14716
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        9⤵
        
        PID:13804
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        9⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        9⤵
        
        PID:13932
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        9⤵
        
        PID:19988
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        9⤵
        
        PID:14524
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:13300
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:20696
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        9⤵
        
        PID:13368
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        9⤵
        
        PID:25328
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        9⤵
        
        PID:14596
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:13812
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:9480
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        9⤵
        
        PID:25952
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:19188
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:11860
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:12888
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:24460
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        9⤵
        
        PID:11840
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        9⤵
        
        PID:20372
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        9⤵
        
        PID:20436
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:13756
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        9⤵
        
        PID:19796
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:16120
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:20276
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:13292
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:20672
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:20536
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:14000
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:14320
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:11292
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:19076
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:9268
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:13196
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:20888
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        9⤵
        
        PID:17804
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:16104
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:18236
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:14220
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:20920
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:16788
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:18308
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:13660
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:8820
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:14148
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:20592
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:11848
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        9⤵
        
        PID:26280
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:25152
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:20736
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:14164
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:16356
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:25420
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:13268
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:24444
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:15172
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:20484
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:15180
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:13748
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:15272
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:9820
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:19180
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:7968
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:13388
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:25224
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        9⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        9⤵
        
        PID:17900
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:13960
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:26700
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        9⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:14196
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:20628
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:15712
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:24544
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:18220
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:22484
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:26296
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:13828
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:20640
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:20028
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:13876
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:20200
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:13228
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:22316
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:11308
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:18008
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:26684
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:17340
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:20032
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:19092
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:25524
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:13204
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:23512
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:13360
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:20896
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:9016
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:14300
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:9508
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:19108
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:25344
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:12052
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:18084
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:11648
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:20512
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:19872
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:17324
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:16888
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:12836
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:13244
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:25320
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:11324
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:20552
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:10412
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:17284
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:26644
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:9408
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:13900
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:7504
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:25772
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:13252
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:25192
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:12240
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:20572
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:16052
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:14236
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:9788
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:13860
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:25936
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:7592
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:25144
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:13220
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:25312
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:12184
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:15388
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:9164
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:14912
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:17260
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:9900
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:13916
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:7956
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:25468
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:13180
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:25184
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:288
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:896
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:13796
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:26248
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:25280
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:20564
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:25764
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:13156
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:23532
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:17348
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:500
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:15720
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:16148
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:13668
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:26240
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:13836
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:18276
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:13336
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:20612
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:3400
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:13716
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:10636
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:13116
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:13844
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:25944
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:10416
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:17980
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:26652
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:7944
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:20492
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:14136
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:1892
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:25352
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:20288
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:17292
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:13700
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:8904
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:14172
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:25500
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:10252
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:18176
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:13676
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:8664
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:26676
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:14244
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:9200
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:17300
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:9320
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:18092
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:22460
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:10236
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:18016
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:26692
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:8080
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:25516
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:13380
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:25272
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:6780
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:17848
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:10380
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:18244
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:11040
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:17204
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:8016
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:13508
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:25476
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:3180
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:17276
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:11864
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:13276
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:24452
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:4644
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:26256
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:13492
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:25592
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:17916
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:10652
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:18184
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:25868
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:13940
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:7044
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:23504
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:10740
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:18040
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:7904
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:25208
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:12896
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:20664
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:6412
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:17316
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:26708
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:9712
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:15472
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:9364
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:18300
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:26732
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:7476
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:11636
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:13260
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:21364
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:8212
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:14204
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:17932
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:10860
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:18284
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:1416
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:7588
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:13532
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:20688
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:6888
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:16112
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:26628
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:10324
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:13772
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:7936
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:13172
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:25232
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:6392
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:17908
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:9328
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:13780
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:21564
- C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2916
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2292
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        9⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        9⤵
        
        PID:17956
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        9⤵
        
        PID:26264
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:13820
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:17308
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:25336
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:13284
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:20680
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:11656
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:15392
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:17252
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:19068
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:14760
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:13148
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:24488
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:12040
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:20496
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:17220
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:20712
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:18056
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:20112
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:25568
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:13188
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:23524
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:13692
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:9224
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:13852
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:13908
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:7976
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:25536
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:13320
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:20656
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:13708
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:18160
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:18996
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:15752
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:13500
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:25576
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:18784
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:10772
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:18048
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:1344
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:12196
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:19620
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:8812
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:14188
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:13684
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:15688
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:18168
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:26660
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:19920
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:19196
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:7236
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:13540
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:20728
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:13732
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:10228
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:18204
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:20156
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:10644
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:18152
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:22468
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:8268
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:25216
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:13888
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:14056
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        8⤵
        
        PID:16904
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:17244
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:26668
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:14504
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:11284
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:20524
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:7652
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:14212
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:25360
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:10388
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:18136
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:544
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:26972
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:13476
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:25248
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:24392
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:10372
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:9836
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:18144
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:7840
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:25992
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:13344
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:20704
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:13740
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:9720
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:26288
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:15464
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:1124
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:9096
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:14156
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:7256
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:25428
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:11300
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:18024
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:7712
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:13484
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:10284
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:6968
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:25816
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:10404
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:20356
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:18212
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:7172
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:25304
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:11076
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:13764
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:14092
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:11868
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:18228
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:8868
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:14328
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:26716
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:17948
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:10264
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:20504
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:5868
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:13628
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:25960
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:9044
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:14180
- C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1644
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2072
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:15488
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:25484
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:13236
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:25136
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:8320
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:14228
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:25176
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:10876
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:18260
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:4856
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:14936
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:17268
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:9380
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:25200
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:10980
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:18196
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:7764
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:1872
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:12528
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:20604
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:13724
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:9348
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:19060
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1072
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:9172
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:15480
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:7296
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:25452
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:11792
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:24424
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:8244
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:13516
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:25552
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:24416
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:10868
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:15700
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:17892
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:20760
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:13468
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:25240
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:17924
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:10396
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:18268
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:4364
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:7748
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:25560
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:13164
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:25288
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:6376
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:17212
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:9432
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:13868
- C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2024
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1028
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        7⤵
        
        PID:26272
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:18292
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:26636
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:12844
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:20720
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:8336
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:13788
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:17940
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:10892
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:17996
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:8496
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:13924
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:6472
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:25544
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:10748
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:18252
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:4340
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:7676
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:25460
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:13212
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:25296
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:6340
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:13636
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:25444
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:9340
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:6620
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:19084
- C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1784
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:9036
      - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        6⤵
        
        PID:21344
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:17356
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:7240
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:25584
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:11332
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:18032
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:25492
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:13328
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:20620
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:6704
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:17812
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:10024
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:19100
- C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
  2⤵
  PID:2296
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:3536
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:6436
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:17864
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:9764
    - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
        5⤵
        
        PID:20000
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:19172
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:5448
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:10608
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:18316
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:8228
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:20464
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:13524
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:25508
- C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
  2⤵
  PID:4116
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:7136
  - - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
      4⤵
      PID:24432
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:10884
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:17988
- C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
  2⤵
  PID:6032
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:11888
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:20380
- C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
  2⤵
  PID:8632
- - C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
    3⤵
    PID:6236
- C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
  2⤵
  PID:17332
- C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\15b1653d23b12bf5fa5e15683764c9d1_JaffaCakes118.exe"
  2⤵
  PID:17040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\hardcore masturbation .rar.exe

Filesize
1.1MB

MD5
12656c63a0001c5377c05f32245dc6a9

SHA1
cddcc83aaa08b3789edc53b0da708fc7e72dd8dc

SHA256
84721051bf47a5f35cb42dfe753752065ec672d640e7be3b5249d34a6a83d5d6

SHA512
dd7e447a28e5922c2eecc7206b07707757b9bb1e649d340e23310d838904e5c13cf27e31d964891444f6ee24d324a4b1dc9cf3d41c9d20db04acf02cdce4cf56

Download Submit
C:\debug.txt

Filesize
183B

MD5
a17c54ac6322fcf0d345f359ebab0f77

SHA1
05d671acb7e88f10ad37b39b3256384c1b7c30eb

SHA256
e3932385b1cd28e91adceb2e949baf4e90c3f4605262d0c536bdb571bb91239d

SHA512
9ba092645e7fc167383200282e3a0702643ed854e87d42be0a2a5f85d27806efc17490a86b6639a0d68dd0c1532659d3b450a0d1b4e3c36b554cb714f7f886e5

Download Submit
memory/288-114-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/544-183-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/896-147-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1028-156-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1028-137-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1072-150-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1072-130-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1416-184-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1472-125-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1472-103-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1604-134-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1604-152-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1616-139-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1616-119-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1644-171-0x00000000020F0000-0x000000000210D000-memory.dmp

Filesize
116KB

Download
memory/1644-116-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1644-178-0x00000000020F0000-0x000000000210D000-memory.dmp

Filesize
116KB

Download
memory/1704-105-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1704-126-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1704-170-0x0000000001F30000-0x0000000001F4D000-memory.dmp

Filesize
116KB

Download
memory/1784-151-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1784-131-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1880-142-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1880-159-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1892-175-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1900-144-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1948-141-0x00000000045D0000-0x00000000045ED000-memory.dmp

Filesize
116KB

Download
memory/1948-108-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1948-117-0x0000000004580000-0x000000000459D000-memory.dmp

Filesize
116KB

Download
memory/1948-97-0x0000000004580000-0x000000000459D000-memory.dmp

Filesize
116KB

Download
memory/1996-176-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2024-132-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2024-177-0x0000000004E20000-0x0000000004E3D000-memory.dmp

Filesize
116KB

Download
memory/2024-111-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2032-129-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2052-181-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2072-109-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2072-128-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2084-133-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2176-153-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2176-179-0x0000000000860000-0x000000000087D000-memory.dmp

Filesize
116KB

Download
memory/2176-135-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2232-182-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2284-160-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2292-143-0x0000000004AB0000-0x0000000004ACD000-memory.dmp

Filesize
116KB

Download
memory/2292-95-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2292-110-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2292-122-0x0000000004AB0000-0x0000000004ACD000-memory.dmp

Filesize
116KB

Download
memory/2412-164-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2460-180-0x0000000004CF0000-0x0000000004D0D000-memory.dmp

Filesize
116KB

Download
memory/2460-100-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2460-55-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2460-89-0x0000000004CD0000-0x0000000004CED000-memory.dmp

Filesize
116KB

Download
memory/2468-172-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2488-154-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2492-136-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2492-115-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2524-174-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2552-162-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2580-120-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2580-101-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2596-163-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2676-168-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2680-102-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2680-121-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2696-167-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2736-169-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2796-118-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2796-138-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2824-155-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2828-90-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2828-104-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2828-157-0x0000000004E30000-0x0000000004E4D000-memory.dmp

Filesize
116KB

Download
memory/2828-107-0x0000000004B90000-0x0000000004BAD000-memory.dmp

Filesize
116KB

Download
memory/2828-93-0x0000000004B90000-0x0000000004BAD000-memory.dmp

Filesize
116KB

Download
memory/2828-166-0x0000000004E30000-0x0000000004E4D000-memory.dmp

Filesize
116KB

Download
memory/2876-173-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2916-106-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2916-92-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2916-94-0x0000000004F10000-0x0000000004F2D000-memory.dmp

Filesize
116KB

Download
memory/2940-158-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2960-123-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2960-161-0x0000000000560000-0x000000000057D000-memory.dmp

Filesize
116KB

Download
memory/2960-145-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2972-149-0x0000000004EC0000-0x0000000004EDD000-memory.dmp

Filesize
116KB

Download
memory/2972-96-0x0000000004EC0000-0x0000000004EDD000-memory.dmp

Filesize
116KB

Download
memory/2972-91-0x0000000004EC0000-0x0000000004EDD000-memory.dmp

Filesize
116KB

Download
memory/2972-98-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2972-530-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2972-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2972-369-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2972-99-0x00000000048E0000-0x00000000048FD000-memory.dmp

Filesize
116KB

Download
memory/2972-113-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2972-54-0x00000000048E0000-0x00000000048FD000-memory.dmp

Filesize
116KB

Download
memory/2980-165-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3012-127-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3012-148-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3056-146-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3056-124-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download