5bdd6c02c719617d3b00de205833dd06024b96513fb4988a91a7349154b24bac

Analysis

max time kernel
9s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 19:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
Size

2.1MB
MD5

867cf3c34a7db66949de9c542df8cf4c
SHA1

3de63d9e51a134b0836c45215899df1ce9fb7e62
SHA256

5bdd6c02c719617d3b00de205833dd06024b96513fb4988a91a7349154b24bac
SHA512

17d284bd252de1ef924ae023687b54014e39616925bfb9c7639d7e722d4cf363472ae544a98d02cdbfbc79d5bd9cfbc266fe29a836a9de44357daeb4e07aa39b
SSDEEP

49152:FSkI4OFTDmay2vFY6hKGKrdV7be+RbrCFgJYcQVSQPq3CC:FA4OFvmao6hVKL5hr0csXPwCC

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 7 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1252-0-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/files/0x000b000000023b98-5.dat	upx
behavioral2/memory/2020-14-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4212-145-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3648-146-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2756-174-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4684-178-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/852-177-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1372-180-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4396-190-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3840-191-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4968-192-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1252-193-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/448-194-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1124-196-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2020-195-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3772-198-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4212-197-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2116-200-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3648-199-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2284-202-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2756-201-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/852-204-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4684-205-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2328-206-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4704-208-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1372-207-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2944-210-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4396-209-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/468-213-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4968-214-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2688-212-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3840-211-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3076-215-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/712-220-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1124-219-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5032-221-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2168-224-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2116-222-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2744-223-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/512-218-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2284-225-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/924-226-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/404-217-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/448-216-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2344-228-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2328-227-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2232-230-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2944-231-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4704-229-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2688-233-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/468-234-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3076-235-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1068-238-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/512-237-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/404-236-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/712-239-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3468-240-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5180-242-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5032-241-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5192-245-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5264-247-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/924-246-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2168-244-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\W:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\X:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\K:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\L:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\N:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\O:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\Q:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\A:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\B:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\H:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\T:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\V:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\M:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\R:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\U:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\J:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\P:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\S:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\Y:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\Z:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\E:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\G:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File opened (read-only)	\??\I:	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\cumshot fucking lesbian bedroom .mpeg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\SHARED\black gang bang gay sleeping hole (Anniston,Liz).avi.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\italian cum hardcore licking glans castration .mpg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\FxsTmp\black cumshot trambling [free] cock swallow .zip.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\danish porn gay voyeur titts .zip.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\Temp\trambling licking feet gorgeoushorny (Jade).mpg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\lesbian [free] hole upskirt .mpg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\swedish kicking xxx big penetration .zip.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\danish cum blowjob public cock .zip.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\SHARED\black horse blowjob voyeur sm .rar.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\blowjob lesbian cock .mpeg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\config\systemprofile\italian cumshot fucking hidden glans .rar.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Templates\blowjob big latex .mpg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\black handjob sperm big titts girly .avi.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\danish beastiality hardcore girls bedroom .mpeg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\japanese fetish gay [free] feet .mpeg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\brasilian beastiality trambling [bangbus] (Liz).mpeg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\italian porn fucking public hole .zip.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\horse sleeping cock pregnant .zip.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\brasilian cumshot fucking several models bedroom .mpeg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\japanese action fucking masturbation cock .mpg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\Temp\black cumshot gay licking high heels .mpeg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\trambling public blondie (Britney,Sylvia).avi.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\italian nude hardcore girls .mpg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\indian animal blowjob full movie hole lady .mpeg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\japanese kicking lesbian several models black hairunshaved .mpg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Temp\bukkake [milf] 40+ .mpeg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\brasilian beastiality xxx sleeping mature (Britney,Samantha).mpeg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\tyrkish gang bang fucking [free] redhair (Sandy,Sarah).mpg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Google\Update\Download\japanese beastiality gay several models titts (Anniston,Curtney).mpeg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe

Drops file in Windows directory 38 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\bukkake big .rar.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\PLA\Templates\american cumshot trambling uncut redhair .avi.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\hardcore [bangbus] .mpeg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\chinese beast uncut (Melissa).avi.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\hardcore girls (Liz).avi.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\blowjob masturbation .mpeg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\brasilian horse blowjob public hairy .avi.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\assembly\temp\gay [free] hotel .mpg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\horse [free] titts ejaculation .zip.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\horse [bangbus] sm .zip.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\indian horse fucking public boots .avi.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\indian handjob sperm big feet upskirt (Jade).avi.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\lesbian girls .avi.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\fetish trambling uncut sm (Gina,Jade).rar.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\fetish xxx full movie girly .zip.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\lingerie several models feet sweet .mpeg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\assembly\tmp\black animal beast licking .rar.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\Downloaded Program Files\swedish horse sperm voyeur glans fishy (Jade).zip.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\black kicking bukkake catfight pregnant (Anniston,Sarah).zip.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\brasilian cum gay catfight cock castration .avi.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\malaysia bukkake catfight femdom .mpg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\xxx big pregnant .mpg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\SoftwareDistribution\Download\brasilian gang bang trambling [bangbus] (Jade).mpg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\mssrv.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lingerie masturbation penetration (Jenna,Janette).zip.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lesbian big hole redhair (Curtney).mpg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\hardcore [bangbus] (Sarah).avi.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\lingerie sleeping feet (Jenna,Tatjana).mpeg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\hardcore catfight (Melissa).mpg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\chinese beast public cock .mpg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\CbsTemp\japanese gang bang lesbian big cock leather (Melissa).mpg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\InputMethod\SHARED\indian cum gay full movie bedroom .mpg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\security\templates\lingerie hot (!) bedroom .zip.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\swedish beastiality trambling several models glans ejaculation .zip.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\brasilian beastiality fucking catfight granny .mpeg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\black fetish sperm girls Ôï .mpeg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\american handjob beast uncut granny .mpg.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\russian cum horse uncut glans sweet .zip.exe	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
1252	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
1252	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2020	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2020	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
1252	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
1252	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
3648	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
3648	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
4212	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
4212	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2020	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2020	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
1252	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
1252	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2756	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2756	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
852	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
852	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
4684	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
4684	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
1252	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
1252	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
1372	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
1372	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2020	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
2020	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
3648	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
3648	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
4212	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
4212	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 39 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 2020	1252	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	88
PID 1252 wrote to memory of 2020	1252	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	88
PID 1252 wrote to memory of 2020	1252	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	88
PID 2020 wrote to memory of 3648	2020	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	89
PID 2020 wrote to memory of 3648	2020	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	89
PID 2020 wrote to memory of 3648	2020	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	89
PID 1252 wrote to memory of 4212	1252	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	90
PID 1252 wrote to memory of 4212	1252	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	90
PID 1252 wrote to memory of 4212	1252	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	90
PID 1252 wrote to memory of 2756	1252	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	91
PID 1252 wrote to memory of 2756	1252	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	91
PID 1252 wrote to memory of 2756	1252	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	91
PID 2020 wrote to memory of 852	2020	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	93
PID 2020 wrote to memory of 852	2020	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	93
PID 2020 wrote to memory of 852	2020	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	93
PID 3648 wrote to memory of 4684	3648	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	92
PID 3648 wrote to memory of 4684	3648	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	92
PID 3648 wrote to memory of 4684	3648	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	92
PID 4212 wrote to memory of 1372	4212	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	94
PID 4212 wrote to memory of 1372	4212	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	94
PID 4212 wrote to memory of 1372	4212	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	94
PID 2756 wrote to memory of 4396	2756	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	95
PID 2756 wrote to memory of 4396	2756	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	95
PID 2756 wrote to memory of 4396	2756	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	95
PID 1252 wrote to memory of 3840	1252	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	96
PID 1252 wrote to memory of 3840	1252	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	96
PID 1252 wrote to memory of 3840	1252	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	96
PID 4212 wrote to memory of 4968	4212	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	99
PID 4212 wrote to memory of 4968	4212	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	99
PID 4212 wrote to memory of 4968	4212	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	99
PID 3648 wrote to memory of 448	3648	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	97
PID 3648 wrote to memory of 448	3648	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	97
PID 3648 wrote to memory of 448	3648	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	97
PID 2020 wrote to memory of 1124	2020	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	98
PID 2020 wrote to memory of 1124	2020	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	98
PID 2020 wrote to memory of 1124	2020	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	98
PID 852 wrote to memory of 3772	852	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	100
PID 852 wrote to memory of 3772	852	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	100
PID 852 wrote to memory of 3772	852	867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe	100

C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2020
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3648
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4684
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        8⤵
        
        PID:12112
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        8⤵
        
        PID:16412
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        8⤵
        
        PID:20136
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        8⤵
        
        PID:16108
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        8⤵
        
        PID:21496
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        8⤵
        
        PID:12472
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:14640
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:21068
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        8⤵
        
        PID:21360
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:13168
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:19380
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:14760
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:21212
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:19368
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:712
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        8⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:14608
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:21040
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:16092
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:22376
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:11576
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:15120
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:15548
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:22012
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:14232
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:12736
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:18292
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:21592
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:9252
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:13000
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:18400
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:1496
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:448
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        8⤵
        
        PID:23608
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:13316
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:21748
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:15824
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:22360
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:11012
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:23592
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:16288
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:13380
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:21152
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:12908
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:18320
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:220
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:7196
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:13904
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:20100
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:9736
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:21332
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:13716
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:18504
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:10320
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:12360
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:14224
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:20636
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:7768
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:15856
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:22368
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:10404
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:11464
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:14436
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:21032
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:7324
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:13724
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:18520
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:9744
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:13284
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:18980
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:6828
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:12820
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:18308
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:536
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:8672
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:17744
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:23772
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:11648
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:16520
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:19588
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:852
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        8⤵
        
        PID:23616
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:16792
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:23408
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:16504
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:16596
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:23788
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:15076
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:20940
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:13156
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:19388
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:14240
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:9720
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:21176
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:13228
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:18940
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:404
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:12448
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:17452
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:14408
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:21024
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:10124
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:20352
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:14068
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:1220
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:7568
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:14800
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:21272
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:9544
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:12804
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:14144
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:20616
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:6952
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:13032
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:19104
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:9060
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:18776
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:12068
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:17552
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:1224
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:1124
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:924
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:22664
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:15092
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:6964
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:7932
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:15816
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:22108
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:10424
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:22948
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:14752
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:6128
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:21084
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:13024
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:18828
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:6548
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:15060
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:7128
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:9688
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:21136
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:13124
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:18648
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:4380
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:17172
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:23964
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:12080
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:13216
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:23972
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:6420
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:13944
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:19688
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:9336
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:21092
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:12924
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:18476
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:3144
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:5192
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:6316
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:12688
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:18224
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:9260
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:21160
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:13040
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:18788
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:6704
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:12276
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:17736
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:22864
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:9000
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:21344
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:12052
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:16880
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:23576
- C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4212
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1372
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:12224
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:17688
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:4596
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:16100
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:13252
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:22656
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:14768
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:6980
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:8460
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:19448
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:7784
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:15408
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:21712
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:10396
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:23692
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:15068
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:7160
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:23640
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:15100
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:7308
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:7816
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:16808
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:22560
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:10528
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:13364
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:14732
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:21076
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:8564
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:17224
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:19156
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:11656
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:16924
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:11244
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:6508
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:14784
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:9444
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:21312
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:13016
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:18468
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:2680
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:4968
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:12484
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:14124
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:20360
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:7800
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:16084
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:21964
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:10452
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:22696
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:14776
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:21048
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:8724
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:17024
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:23796
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:11748
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:17112
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:19212
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:13896
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:18516
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:9344
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:21368
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:13008
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:18836
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:468
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:9236
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:21468
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:13116
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:18640
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:1092
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:7384
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:14792
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:6000
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:10004
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:21144
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:14036
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:20624
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:5264
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:7188
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:13696
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:16696
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:9728
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:14216
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:13256
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:18960
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:6764
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:12696
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:18300
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:16296
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:9020
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:18844
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:12060
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:17156
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:2864
- C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2756
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:4396
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:12216
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:17696
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:23764
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:15720
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:22088
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        7⤵
        
        PID:16132
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:15452
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:22332
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:11316
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:16212
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:11488
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:8164
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:15808
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:22072
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:10880
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:16224
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:12404
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:6604
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:12728
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:18244
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:8556
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:17044
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:24568
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:11928
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:16688
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:23584
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:11292
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:15028
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:12312
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:8156
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:16756
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:22784
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:11268
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:23700
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:16232
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:12576
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:13056
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:18452
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:21700
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:9752
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:13292
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:18952
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:12828
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:18280
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:17852
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:8892
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:16892
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:23392
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:11672
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:16932
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:23400
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:6756
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:13064
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:17604
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:9212
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:21184
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:12708
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:18268
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:4204
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:6592
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:10460
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:21976
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:14616
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:21168
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:8548
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:16800
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:17524
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:11284
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:16248
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:15692
- C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
  2⤵
  PID:3840
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:512
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:10720
      - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        6⤵
        
        PID:23632
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:15084
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:6788
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:7760
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:16256
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:14552
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:10952
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:23624
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:15108
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:7164
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:5448
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:8288
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:16884
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:17532
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:11300
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:16748
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:22648
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:7016
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:14152
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:20648
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:7876
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:1200
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:12088
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:17488
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:23948
- C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
  2⤵
  PID:4704
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:7008
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:13048
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:18460
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:21536
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:7964
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:17456
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:11684
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:16944
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:23428
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:6692
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:12716
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:18216
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:3484
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:8632
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:17680
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:23980
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:11972
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:17480
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:11756
- C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
  2⤵
  PID:1068
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:6572
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:11308
    - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
        5⤵
        
        PID:11412
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:16240
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:12520
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:8584
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:17328
  - - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
      4⤵
      PID:23956
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:11324
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:16740
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:22940
- C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
  2⤵
  PID:6472
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:12128
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:17036
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:23568
- C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
  2⤵
  PID:6820
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:15800
- - C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
    3⤵
    PID:22096
- C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
  2⤵
  PID:11964
- C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
  2⤵
  PID:1264
- C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\867cf3c34a7db66949de9c542df8cf4c_JaffaCakes118.exe"
  2⤵
  PID:23600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\horse sleeping cock pregnant .zip.exe

Filesize
1.5MB

MD5
965a3c5523b8f08263a69bd6b06e5a3a

SHA1
d81b7d86567cf008f6e0291c8e607f9674a398c2

SHA256
9a355365be5d79bae88a82f5a27f85ff95e514976bb3276528667ed011ae8f82

SHA512
7242b12a8943961b4db3d3b541613591dfff2cd86da82fc3cde4036505555fd5cbab563064bdbdca39b915717c75e9d983401564758a464fe2eb10250a27f3fb

Download Submit
memory/404-217-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/404-236-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/448-194-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/448-216-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/468-234-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/468-213-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/512-218-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/512-237-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/712-220-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/712-239-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/852-204-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/852-177-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/924-246-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/924-226-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1068-259-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1068-238-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1124-219-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1124-196-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1252-193-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1252-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1372-207-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1372-180-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2020-14-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2020-195-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2116-222-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2116-200-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2168-244-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2168-224-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2232-250-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2232-230-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2284-202-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2284-225-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2328-227-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2328-206-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2344-228-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2344-248-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2688-233-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2688-212-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2716-254-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2744-243-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2744-223-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2756-174-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2756-201-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2944-231-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2944-210-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3076-215-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3076-235-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3468-240-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3468-261-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3648-146-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3648-199-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3692-253-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3772-198-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3840-211-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3840-191-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4212-197-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4212-145-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4396-190-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4396-209-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4480-256-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4684-205-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4684-178-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4704-208-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4704-229-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4968-214-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4968-192-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5032-221-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5032-241-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5180-242-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5180-266-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5192-245-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5192-270-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5208-277-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5216-276-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5216-249-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5264-247-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5264-272-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5288-251-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5288-280-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5332-281-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5332-252-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5448-255-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5556-257-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5568-258-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5600-260-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5608-262-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5620-278-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5624-279-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5728-263-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5780-267-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5788-268-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5796-269-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5852-271-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6056-273-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6076-274-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6120-275-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download