5bdd6c02c719617d3b00de205833dd06024b96513fb4988a91a7349154b24bac

Analysis

max time kernel
16s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/05/2024, 19:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
Size

2.1MB
MD5

867cf3c34a7db66949de9c542df8cf4c
SHA1

3de63d9e51a134b0836c45215899df1ce9fb7e62
SHA256

5bdd6c02c719617d3b00de205833dd06024b96513fb4988a91a7349154b24bac
SHA512

17d284bd252de1ef924ae023687b54014e39616925bfb9c7639d7e722d4cf363472ae544a98d02cdbfbc79d5bd9cfbc266fe29a836a9de44357daeb4e07aa39b
SSDEEP

49152:FSkI4OFTDmay2vFY6hKGKrdV7be+RbrCFgJYcQVSQPq3CC:FA4OFvmao6hVKL5hr0csXPwCC

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2504-0-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/files/0x0007000000016ca9-5.dat	upx
behavioral1/memory/3048-11-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2752-57-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2472-59-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2504-58-0x0000000004E70000-0x0000000004E8D000-memory.dmp	upx
behavioral1/memory/2860-71-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1660-73-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2504-75-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1200-76-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2504-91-0x0000000004E70000-0x0000000004E8D000-memory.dmp	upx
behavioral1/memory/2212-97-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2752-95-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2860-102-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2016-107-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1660-106-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2336-103-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/832-101-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1968-105-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1200-109-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1040-108-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2472-98-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2332-94-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3048-92-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1384-122-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/520-125-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/580-124-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2212-120-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2332-119-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/832-128-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1160-127-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1064-132-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1968-131-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/856-130-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2336-129-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1428-136-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2116-135-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1384-138-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/464-137-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2016-133-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/464-118-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/580-139-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1724-142-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1804-143-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2308-146-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1064-145-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2240-144-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1160-141-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/520-140-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/340-148-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1428-149-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2828-153-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2216-151-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1500-150-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2636-158-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/872-157-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2188-156-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2240-154-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2308-155-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/1080-159-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2216-161-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2828-163-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/3028-164-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2636-166-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\M:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\W:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\X:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\A:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\G:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\R:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\T:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\V:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\Y:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\L:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\N:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\K:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\B:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\J:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\I:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\O:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\P:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\Q:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\S:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\U:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\E:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\H:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\Z:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\tyrkish kicking lesbian several models hole .mpg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\Temp\russian beastiality hardcore uncut hole swallow (Jade).avi.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\FxsTmp\malaysia gay voyeur .avi.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\black gang bang lingerie [free] .mpg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\FxsTmp\hardcore hot (!) .rar.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\japanese gang bang trambling lesbian glans gorgeoushorny (Karin).zip.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\shared\tyrkish cumshot lesbian hidden (Janette).zip.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\brasilian kicking horse [bangbus] feet hairy .mpg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\horse catfight gorgeoushorny (Gina,Janette).zip.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\shared\russian cum lingerie catfight feet (Anniston,Curtney).zip.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\russian fetish lingerie big glans .zip.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\danish beastiality blowjob [milf] penetration .mpeg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\horse big .avi.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\italian horse bukkake licking titts .rar.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\bukkake voyeur hole penetration .zip.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\brasilian animal lingerie hidden hole .mpg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Temp\italian cumshot blowjob voyeur .zip.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\beast [milf] (Janette).zip.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\lingerie public glans .rar.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\beast catfight glans mature (Melissa).rar.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\lesbian licking cock .rar.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Program Files\Windows Journal\Templates\indian porn sperm big glans .zip.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\american nude bukkake catfight castration .mpg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Update\Download\hardcore sleeping glans .rar.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\fucking public leather .rar.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe

Drops file in Windows directory 35 IoCs

description	ioc	Process
File created	C:\Windows\PLA\Templates\brasilian cum beast [bangbus] sm .rar.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\asian blowjob hot (!) redhair (Kathrin,Liz).avi.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\british trambling full movie hole .avi.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\lesbian lesbian swallow .rar.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\swedish action lingerie sleeping titts .avi.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\trambling licking penetration .avi.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\italian porn lingerie licking girly .avi.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\japanese action lesbian big balls .avi.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\action sperm full movie wifey .zip.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\gay [milf] leather (Christine,Karin).zip.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\russian cumshot lingerie uncut ash .zip.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\blowjob catfight sm .avi.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian animal xxx girls glans gorgeoushorny .zip.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\SoftwareDistribution\Download\russian handjob fucking girls (Janette).mpg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\indian nude trambling sleeping .rar.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\hardcore hidden .zip.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\japanese gang bang blowjob lesbian titts .avi.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\Downloaded Program Files\xxx licking .mpg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\black beastiality horse catfight Ôë (Sonja,Melissa).rar.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\american animal gay full movie cock .avi.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\assembly\tmp\indian beastiality xxx [milf] cock mistress (Liz).avi.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\american porn gay [bangbus] fishy .rar.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\black nude lingerie lesbian swallow .zip.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\gay licking (Sylvia).mpg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\lingerie lesbian Ôë .avi.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\italian cum trambling [milf] feet shower .zip.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\horse lesbian .avi.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\mssrv.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\lingerie voyeur femdom .mpeg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\assembly\temp\beast catfight ash (Sonja,Liz).avi.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\danish horse bukkake catfight .zip.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\sperm licking cock shower .mpeg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\lingerie licking (Sarah).rar.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\security\templates\tyrkish cumshot trambling hot (!) mature .rar.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\blowjob masturbation high heels (Kathrin,Liz).rar.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2504	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
3048	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2504	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
3048	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2752	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2472	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2504	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2860	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
3048	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
1660	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
1200	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
1040	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2752	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2504	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2472	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2332	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2212	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
3048	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2860	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
1660	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
832	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2752	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
1200	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2336	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
1968	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2504	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
856	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2016	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2472	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2116	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
1040	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
464	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2212	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
1384	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
580	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
3048	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
520	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2332	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2860	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
1724	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
1160	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
1804	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
1064	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
1660	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2752	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2504	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
1200	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
1428	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
340	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
1500	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
1500	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2240	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2308	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2240	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2308	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2188	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2188	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2336	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2336	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
1968	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
1968	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
832	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
832	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
872	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 3048	2504	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	28
PID 2504 wrote to memory of 3048	2504	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	28
PID 2504 wrote to memory of 3048	2504	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	28
PID 2504 wrote to memory of 3048	2504	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	28
PID 3048 wrote to memory of 2752	3048	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	29
PID 3048 wrote to memory of 2752	3048	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	29
PID 3048 wrote to memory of 2752	3048	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	29
PID 3048 wrote to memory of 2752	3048	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	29
PID 2504 wrote to memory of 2472	2504	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	30
PID 2504 wrote to memory of 2472	2504	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	30
PID 2504 wrote to memory of 2472	2504	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	30
PID 2504 wrote to memory of 2472	2504	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	30
PID 3048 wrote to memory of 2860	3048	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	31
PID 3048 wrote to memory of 2860	3048	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	31
PID 3048 wrote to memory of 2860	3048	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	31
PID 3048 wrote to memory of 2860	3048	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	31
PID 2752 wrote to memory of 1660	2752	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	32
PID 2752 wrote to memory of 1660	2752	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	32
PID 2752 wrote to memory of 1660	2752	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	32
PID 2752 wrote to memory of 1660	2752	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	32
PID 2472 wrote to memory of 1040	2472	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	33
PID 2472 wrote to memory of 1040	2472	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	33
PID 2472 wrote to memory of 1040	2472	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	33
PID 2472 wrote to memory of 1040	2472	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	33
PID 2504 wrote to memory of 1200	2504	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	34
PID 2504 wrote to memory of 1200	2504	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	34
PID 2504 wrote to memory of 1200	2504	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	34
PID 2504 wrote to memory of 1200	2504	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	34
PID 3048 wrote to memory of 2332	3048	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	35
PID 3048 wrote to memory of 2332	3048	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	35
PID 3048 wrote to memory of 2332	3048	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	35
PID 3048 wrote to memory of 2332	3048	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	35
PID 2860 wrote to memory of 2212	2860	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	36
PID 2860 wrote to memory of 2212	2860	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	36
PID 2860 wrote to memory of 2212	2860	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	36
PID 2860 wrote to memory of 2212	2860	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	36
PID 2752 wrote to memory of 2336	2752	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	38
PID 2752 wrote to memory of 2336	2752	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	38
PID 2752 wrote to memory of 2336	2752	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	38
PID 2752 wrote to memory of 2336	2752	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	38
PID 1660 wrote to memory of 832	1660	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	37
PID 1660 wrote to memory of 832	1660	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	37
PID 1660 wrote to memory of 832	1660	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	37
PID 1660 wrote to memory of 832	1660	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	37
PID 1200 wrote to memory of 856	1200	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	39
PID 1200 wrote to memory of 856	1200	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	39
PID 1200 wrote to memory of 856	1200	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	39
PID 1200 wrote to memory of 856	1200	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	39
PID 2504 wrote to memory of 1968	2504	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	40
PID 2504 wrote to memory of 1968	2504	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	40
PID 2504 wrote to memory of 1968	2504	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	40
PID 2504 wrote to memory of 1968	2504	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	40
PID 2472 wrote to memory of 2016	2472	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	41
PID 2472 wrote to memory of 2016	2472	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	41
PID 2472 wrote to memory of 2016	2472	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	41
PID 2472 wrote to memory of 2016	2472	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	41
PID 1040 wrote to memory of 2116	1040	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	42
PID 1040 wrote to memory of 2116	1040	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	42
PID 1040 wrote to memory of 2116	1040	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	42
PID 1040 wrote to memory of 2116	1040	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	42
PID 2212 wrote to memory of 464	2212	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	43
PID 2212 wrote to memory of 464	2212	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	43
PID 2212 wrote to memory of 464	2212	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	43
PID 2212 wrote to memory of 464	2212	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	43

C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3048
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:832
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        8⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        9⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        8⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        8⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        8⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:7772
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        8⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:7852
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:10384
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:7828
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        8⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:10532
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:7188
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:7908
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:7136
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:7152
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:11048
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:9332
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:340
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        8⤵
        
        PID:12164
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:8772
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:7940
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:1096
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:10260
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:7900
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:8520
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:8076
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:7428
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:10032
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:8392
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:10116
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:6212
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:10556
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:7844
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:12284
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:9024
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:12136
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:8620
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:8216
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:7892
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:464
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        8⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        8⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:8568
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        8⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:8576
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:12264
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:7260
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:7736
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:11572
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:8536
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:10392
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:4196
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:7680
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:7436
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:520
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:7580
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:11564
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:7704
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:7764
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:7788
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:7728
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:920
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:9108
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:12144
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:10564
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:7924
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1384
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:7548
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:8000
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:10476
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:11548
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:7916
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:9124
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:964
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:7172
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:580
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:7836
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:7396
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:7284
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:8020
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:7820
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:7624
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:5584
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:10412
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:11600
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:9132
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:7648
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:7780
- C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2472
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1040
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:1080
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:7672
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:7812
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:8252
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:9804
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:7720
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:7796
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:11256
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:10092
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:8416
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:7268
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:10484
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:7448
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:10512
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:4748
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:3976
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:7128
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2016
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:872
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:7640
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:10016
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:7220
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:12272
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:11608
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:7872
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:8592
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:7276
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2240
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:7588
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:10540
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:7980
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:1068
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:10520
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:9760
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:3768
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:7696
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:6712
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:7032
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:8724
- C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1200
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:856
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:3164
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:7804
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:11556
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:8140
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:7956
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:8084
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:7744
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:8264
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:7212
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:3640
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:11248
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:8552
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:10100
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:7236
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:3448
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:10944
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:7988
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:4848
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:8064
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:7864
- C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1968
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1500
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:12172
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:7884
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:10368
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:7252
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:10108
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:7404
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:10404
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:7388
- C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1064
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:4936
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:8120
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:7412
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:3864
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:7932
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:5316
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:4956
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:10132
- C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
  2⤵
  PID:2456
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:10124
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:7596
- C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
  2⤵
  PID:3412
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:7180
- C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
  2⤵
  PID:5440
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:10492
- C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
  2⤵
  PID:8208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\bukkake voyeur hole penetration .zip.exe

Filesize
1.1MB

MD5
358ecd5a221aa32217beefea75d12166

SHA1
a9dbf25332f3368fbf4f8a76e2a3db305b6d039e

SHA256
2eb71b66e6c0d23f191317ec56a8f9b07b2e5096ecd25205bfc2fb846f78aa42

SHA512
a01a12ae80fda4cbebfc4cba6a9d2817fce029990c40b4d4db772c62af42e28ec306fe9b3a5359bdc91aa5dab517ded583b0c212f7c5bd15c12a31477c3fa29b

Download Submit
memory/340-148-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/464-137-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/464-152-0x0000000004A40000-0x0000000004A5D000-memory.dmp

Filesize
116KB

Download
memory/464-118-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/520-125-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/520-140-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/520-162-0x0000000004680000-0x000000000469D000-memory.dmp

Filesize
116KB

Download
memory/580-124-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/580-139-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/832-128-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/832-101-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/832-134-0x00000000045C0000-0x00000000045DD000-memory.dmp

Filesize
116KB

Download
memory/856-130-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/872-157-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1040-108-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1064-132-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1064-176-0x00000000047C0000-0x00000000047DD000-memory.dmp

Filesize
116KB

Download
memory/1064-145-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1080-159-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1160-141-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1160-127-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1160-183-0x0000000000780000-0x000000000079D000-memory.dmp

Filesize
116KB

Download
memory/1160-172-0x0000000000780000-0x000000000079D000-memory.dmp

Filesize
116KB

Download
memory/1200-109-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1200-76-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1384-138-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1384-160-0x00000000048C0000-0x00000000048DD000-memory.dmp

Filesize
116KB

Download
memory/1384-122-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1428-136-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1428-149-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1500-150-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1660-73-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1660-106-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1660-165-0x0000000004A60000-0x0000000004A7D000-memory.dmp

Filesize
116KB

Download
memory/1724-170-0x0000000004900000-0x000000000491D000-memory.dmp

Filesize
116KB

Download
memory/1724-142-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1804-143-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1968-105-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1968-184-0x0000000004910000-0x000000000492D000-memory.dmp

Filesize
116KB

Download
memory/1968-131-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1968-181-0x0000000004910000-0x000000000492D000-memory.dmp

Filesize
116KB

Download
memory/2016-107-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2016-133-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2116-135-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2188-156-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2212-97-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2212-120-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2216-161-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2216-151-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2240-154-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2240-144-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2308-155-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2308-146-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2332-94-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2332-119-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2336-129-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2336-103-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2400-177-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2456-178-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2472-98-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2472-59-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2472-74-0x0000000004580000-0x000000000459D000-memory.dmp

Filesize
116KB

Download
memory/2476-179-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2500-180-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2504-96-0x0000000004E70000-0x0000000004E8D000-memory.dmp

Filesize
116KB

Download
memory/2504-91-0x0000000004E70000-0x0000000004E8D000-memory.dmp

Filesize
116KB

Download
memory/2504-10-0x0000000004E70000-0x0000000004E8D000-memory.dmp

Filesize
116KB

Download
memory/2504-75-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2504-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2504-58-0x0000000004E70000-0x0000000004E8D000-memory.dmp

Filesize
116KB

Download
memory/2548-174-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2572-168-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2636-166-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2636-158-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2660-173-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2752-99-0x00000000045D0000-0x00000000045ED000-memory.dmp

Filesize
116KB

Download
memory/2752-104-0x0000000004580000-0x000000000459D000-memory.dmp

Filesize
116KB

Download
memory/2752-72-0x0000000004580000-0x000000000459D000-memory.dmp

Filesize
116KB

Download
memory/2752-95-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2752-57-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2776-175-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2828-163-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2828-153-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2860-117-0x0000000004A40000-0x0000000004A5D000-memory.dmp

Filesize
116KB

Download
memory/2860-102-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2860-71-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2860-93-0x0000000004A40000-0x0000000004A5D000-memory.dmp

Filesize
116KB

Download
memory/2872-171-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2872-182-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3028-164-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3048-56-0x0000000001D60000-0x0000000001D7D000-memory.dmp

Filesize
116KB

Download
memory/3048-100-0x0000000004930000-0x000000000494D000-memory.dmp

Filesize
116KB

Download
memory/3048-70-0x0000000004930000-0x000000000494D000-memory.dmp

Filesize
116KB

Download
memory/3048-92-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3048-11-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3048-121-0x0000000004930000-0x000000000494D000-memory.dmp

Filesize
116KB

Download