0f98b36067882897b70b49f3a9248979d962451e438986c4d550ed1941f54749

Analysis

max time kernel
18s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 18:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
Size

498KB
MD5

20e0f4a33d2dc0d3c37eaecdf36449bc
SHA1

a6e49c00fbc94908ea1ffffc8d1905390f6f369f
SHA256

0f98b36067882897b70b49f3a9248979d962451e438986c4d550ed1941f54749
SHA512

64a4f9d8f01230891d4ed53a03efcde2d7e558de6c99a0269214e8ec1267f8579e5f6e746d93c3367518eb47abbdc2b06e104f08ef2ccb76bc7623788dd1ffcc
SSDEEP

12288:0EQoSr0uqsrGhFxcpXzlj+/PVWswmKu4u/+KsV+jhUe9:0FRhGhbcpjYP4su1K+KC2Ue9

Score

7^/10

persistence upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/656-0-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/files/0x0007000000023234-5.dat	upx
behavioral2/memory/656-11-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2908-12-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4912-13-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/888-15-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/656-14-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5052-17-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/872-18-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2324-19-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4056-21-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/2908-20-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4204-24-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3016-23-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3904-22-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4492-27-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4912-26-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/656-25-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3108-29-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/888-30-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4336-31-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5052-32-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3744-34-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4944-35-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1100-37-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4140-39-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/452-38-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/872-36-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4056-41-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3752-46-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4492-49-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3576-56-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4092-52-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/552-51-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4420-45-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3016-43-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4204-44-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3564-42-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/448-57-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5236-60-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/644-59-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5460-76-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4140-74-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5424-70-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1100-69-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3564-77-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5360-67-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5244-66-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5300-65-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4944-64-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5176-61-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5688-84-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5808-87-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5656-86-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4580-85-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5664-83-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3752-82-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5888-89-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/3800-88-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/656-111-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/6076-115-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/4856-110-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/5196-117-0x0000000000400000-0x000000000041E000-memory.dmp	upx
behavioral2/memory/1276-116-0x0000000000400000-0x000000000041E000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\T:	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
File opened (read-only)	\??\X:	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
File opened (read-only)	\??\A:	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
File opened (read-only)	\??\G:	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
File opened (read-only)	\??\I:	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
File opened (read-only)	\??\K:	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
File opened (read-only)	\??\O:	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
File opened (read-only)	\??\P:	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
File opened (read-only)	\??\Z:	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
File opened (read-only)	\??\B:	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
File opened (read-only)	\??\N:	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
File opened (read-only)	\??\U:	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
File opened (read-only)	\??\V:	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
File opened (read-only)	\??\W:	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
File opened (read-only)	\??\E:	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
File opened (read-only)	\??\H:	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
File opened (read-only)	\??\Q:	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
File opened (read-only)	\??\R:	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
File opened (read-only)	\??\S:	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
File opened (read-only)	\??\J:	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
File opened (read-only)	\??\L:	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
File opened (read-only)	\??\M:	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
File opened (read-only)	\??\Y:	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe

Drops file in Program Files directory 11 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\asian beastiality beast licking legs (Sylvia,Sandy).mpeg.exe	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\british xxx blowjob [bangbus] ash (Janette).zip.exe	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\cum cum [free] .zip.exe	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\african animal lesbian masturbation .avi.exe	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Templates\tyrkish lesbian girls swallow .avi.exe	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\horse porn big mistress .zip.exe	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\animal full movie titts pregnant .avi.exe	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\xxx voyeur .avi.exe	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\cumshot porn [milf] nipples sweet (Jenna,Britney).rar.exe	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\norwegian fetish public mature .mpeg.exe	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\swedish horse girls mistress .mpeg.exe	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
656	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
656	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
2324	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
2324	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
656	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
656	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
2908	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
2908	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
656	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
656	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
3904	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
3904	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
2324	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
2324	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
4912	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
4912	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
656	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
656	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 656 wrote to memory of 2324	656	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe	92
PID 656 wrote to memory of 2324	656	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe	92
PID 656 wrote to memory of 2324	656	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe	92
PID 656 wrote to memory of 2908	656	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe	93
PID 656 wrote to memory of 2908	656	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe	93
PID 656 wrote to memory of 2908	656	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe	93
PID 2324 wrote to memory of 3904	2324	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe	94
PID 2324 wrote to memory of 3904	2324	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe	94
PID 2324 wrote to memory of 3904	2324	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe	94
PID 656 wrote to memory of 4912	656	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe	95
PID 656 wrote to memory of 4912	656	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe	95
PID 656 wrote to memory of 4912	656	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe	95
PID 2324 wrote to memory of 3108	2324	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe	96
PID 2324 wrote to memory of 3108	2324	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe	96
PID 2324 wrote to memory of 3108	2324	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe	96
PID 2908 wrote to memory of 888	2908	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe	97
PID 2908 wrote to memory of 888	2908	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe	97
PID 2908 wrote to memory of 888	2908	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe	97
PID 3904 wrote to memory of 4336	3904	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe	98
PID 3904 wrote to memory of 4336	3904	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe	98
PID 3904 wrote to memory of 4336	3904	20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe	98

C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:656
- C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2324
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3904
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        6⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        7⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        7⤵
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        6⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        7⤵
        
        PID:5840
      - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        6⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        6⤵
        
        PID:9656
      - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        6⤵
        
        PID:7776
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:4140
      - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        6⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        6⤵
        
        PID:8672
      - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        6⤵
        
        PID:11304
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        6⤵
        
        PID:10076
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        6⤵
        
        PID:9720
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:7796
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:9136
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:11948
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:4580
      - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        6⤵
        
        PID:8472
      - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        6⤵
        
        PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        6⤵
        
        PID:9052
      - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        6⤵
        
        PID:11268
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:7060
      - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        6⤵
        
        PID:8664
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:8636
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:11916
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:644
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:1168
      - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        6⤵
        
        PID:10776
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        6⤵
        
        PID:10616
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:9144
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:11940
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:8696
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:5716
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:10092
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:7524
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:7820
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:9036
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:11892
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:4856
      - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        6⤵
        
        PID:8704
      - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        6⤵
        
        PID:1392
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        6⤵
        
        PID:10044
      - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        6⤵
        
        PID:10460
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        6⤵
        
        PID:11520
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:8108
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:9664
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:10064
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:1100
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:7380
      - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        6⤵
        
        PID:7452
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:8888
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:11676
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:8844
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:11908
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:11352
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:8136
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:3140
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:872
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:8176
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:9672
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:11328
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:10084
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:10740
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:8260
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:10072
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:4092
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:10760
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:7608
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:9152
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:11900
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:5176
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:8820
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:10160
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:6128
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:10724
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:7616
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:12452
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:9044
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:11780
- C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2908
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:888
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        6⤵
        
        PID:8748
      - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        6⤵
        
        PID:936
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        6⤵
        
        PID:10360
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        6⤵
        
        PID:8916
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:8900
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:5556
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        6⤵
        
        PID:11504
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:7372
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:10768
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:8812
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:9724
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:6316
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:10352
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:7812
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:9568
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:11116
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:452
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:8524
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:3352
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:2016
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:9008
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:8872
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:11664
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:448
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:6552
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:5372
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:7752
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:6304
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:5184
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:8644
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:10420
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:6076
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:4764
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:7236
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:11312
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:8864
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:11692
- C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4912
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:3744
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:7256
      - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        6⤵
        
        PID:7996
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:8880
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:11076
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:8852
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:11876
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:7628
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:1552
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:11016
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:552
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:8132
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:7700
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:9060
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:7096
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:5252
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:8516
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:4028
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:6308
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:10732
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:7736
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:9524
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:3908
- C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
  2⤵
  PID:5052
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:3576
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:6708
    - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
        5⤵
        
        PID:8228
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:8372
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:3944
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:5300
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:8732
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:5728
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:10344
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:7444
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:9028
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:11884
- C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
  2⤵
  PID:4492
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:8836
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:11932
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:6508
  - - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
      4⤵
      PID:11924
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:7804
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:9804
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:11320
- C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
  2⤵
  PID:3752
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:7516
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:10784
- C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
  2⤵
  PID:5656
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:9920
- C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
  2⤵
  PID:6492
- - C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
    3⤵
    PID:11360
- C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
  2⤵
  PID:8092
- C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\20e0f4a33d2dc0d3c37eaecdf36449bc_JaffaCakes118.exe"
  2⤵
  PID:9952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3940 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
1⤵
PID:7472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\horse porn big mistress .zip.exe

Filesize
237KB

MD5
d734088d1e8ff5b1623b66e295d54eb1

SHA1
1a78d113a7d0053e6d30b7b8fd444e650e344e6a

SHA256
ed13d471f3fcc0b9831875bdcf779d053940ba8b03778f7cfa935d173b927d63

SHA512
dddf9383f44fa63d28ad6981e19ac01c43c8f2e6e6296c9f94ad9d91f027f20f763bf92ef0c222ca330b90d6f77bef9d620eb60ee0f2ec84c7cc52dfe049a188

Download Submit
memory/448-57-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/452-38-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/552-51-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/644-59-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/656-25-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/656-11-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/656-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/656-111-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/656-14-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/656-210-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/872-36-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/872-18-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/888-15-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/888-30-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1100-69-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1100-37-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1168-138-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1276-116-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2324-19-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2908-20-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2908-12-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3016-43-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3016-23-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3108-29-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3564-77-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3564-42-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3576-56-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3744-34-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3752-46-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3752-82-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3800-88-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3904-22-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4056-21-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4056-41-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4092-52-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4140-74-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4140-39-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4204-24-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4204-44-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4336-31-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4420-45-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4492-49-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4492-27-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4580-85-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4856-110-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4912-13-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4912-26-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4944-35-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4944-64-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5052-32-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5052-17-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5176-61-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5176-136-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5184-137-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5196-117-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5212-142-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5236-60-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5236-157-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5244-66-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5244-162-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5252-160-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5300-65-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5300-161-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5360-67-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5360-163-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5424-70-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5424-183-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5460-241-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5460-76-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5568-253-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5648-257-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5656-258-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5656-86-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5664-83-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5688-84-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5808-87-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5888-89-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6076-115-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6120-152-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6128-153-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6136-141-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6308-143-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6316-144-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6476-154-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6484-145-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6492-149-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6500-146-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6508-147-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6552-148-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6560-155-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6652-150-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6708-156-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/6912-164-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7060-188-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7236-246-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7244-247-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7256-248-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7380-249-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7412-250-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7444-251-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7524-252-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/7616-255-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download